Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
General
Target
Size
Sample
invoice.exe
1MB
210727-rez2l55gea
Score
10/10
MD5
SHA1
SHA256
SHA512
ffce81b27dd34935f5371161cc84891b
a55136da4f4640bde0732f586b07e878be9d6c94
d94d8b336a0abcfb47c21091d7e6ea47539cdb4a16c378ea3aa54ee28c15b7c9
97e3c58cb513baa37b2e83c3704bbdca5886b51c0b780e12e84029683c3f9fab93966e68b0153aba2506dfe7dc3d04e275e5003e10f52a2b8f9d1b1b86244bbd
Malware Config
Extracted
| Family | agenttesla |
| Credentials | Protocol: smtp Host: mail.marcer.com.tr Port: 587 Username: muhasebe@marcer.com.tr Password: mar1453 |
Targets
Target
MD5
Filesize
invoice.exe
ffce81b27dd34935f5371161cc84891b
1MB
Score
10/10
SHA1
SHA256
SHA512
a55136da4f4640bde0732f586b07e878be9d6c94
d94d8b336a0abcfb47c21091d7e6ea47539cdb4a16c378ea3aa54ee28c15b7c9
97e3c58cb513baa37b2e83c3704bbdca5886b51c0b780e12e84029683c3f9fab93966e68b0153aba2506dfe7dc3d04e275e5003e10f52a2b8f9d1b1b86244bbd
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10