agenttesla

General

Target

TT swify Order.zip
Size

461KB
Sample

211017-nevnnsdddn
MD5

4ea70ffb53c032f8320eae5ef5116855
SHA1

1add82f34e7bde3480028d4d1a0e8066e8f6dd23
SHA256

37689ef3bb00444ecd46b782cb4d22e851ba4954684ee483033e38e8e4cf2931
SHA512

65c5dc8e254b2508d138d7013ac35bbf95c3b39c24f07924c56d5100dc0f035e3e59e9b36a48906aa8eb16be798099b26322c0c4b16603908e2857b7eb2c9ad9

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ananthasuites.com
Port:
587
Username:
[email protected]
Password:
Anantha225@#

Targets

- Target
  
  TT swify Order.exe
- Size
  
  735KB
- MD5
  
  f8c04a79425fbd0bde8ee6dd132d655b
- SHA1
  
  b10826eb64f5d2469df8f776df34405cee0d1d05
- SHA256
  
  6459b80dbdfbf19a21456659f618c0e22693b4d2389e5cfbba864e5d2b85eb1a
- SHA512
  
  3e02e41db2e64c12360972886ed83838c45d702f68d1bc07a47e613d1c8392d13ba393eb6cecbe18a7d4991229b7f6e89525d61bdb0dd77815422956b4c3d92d
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Contains code to disable Windows Defender

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2