Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
$35@@#.exe
General
Target
Size
Sample
$35@@#.exe
516KB
210727-fp2698387s
Score
10 /10
MD5
SHA1
SHA256
SHA512
fe61f0a471b697d0c381c64eddf3649c
bb8575caccc983a10f86de8c86e5e6598b993b27
412991e242a1a3b4325e9d22e9158880214f13fd0db68c8509fab47d4f09c9d5
6b279820631cd2d86d4e545a18b9dd1cedf81bfe921fbcddb8c042a9f64e2883c75acae047f770e15e4d01d0524f0d6de16de8dcf44428e06b382cfb138f78d0
Malware Config
Extracted
| Family | agenttesla |
| C2 |
https://api.telegram.org/bot1815802853:AAFwTZ6mRU-UOmcTcCR8glZAAkNmzHpMkL8/sendDocument |
Targets
Target
MD5
Filesize
$35@@#.exe
fe61f0a471b697d0c381c64eddf3649c
516KB
Score
10 /10
SHA1
SHA256
SHA512
bb8575caccc983a10f86de8c86e5e6598b993b27
412991e242a1a3b4325e9d22e9158880214f13fd0db68c8509fab47d4f09c9d5
6b279820631cd2d86d4e545a18b9dd1cedf81bfe921fbcddb8c042a9f64e2883c75acae047f770e15e4d01d0524f0d6de16de8dcf44428e06b382cfb138f78d0
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks