agenttesla

General

Target

Копија трансферног депозита 21_10_2021.exe
Size

829KB
Sample

211021-k8f6laaaf9
MD5

dd935f8a955277927e354112a64d5f0c
SHA1

271e6ff9cc2c3c260ab548365f521e91e84ac702
SHA256

cb09a8409d25766f18a76c939c7c90ca8c437df5fb8a3289388487f686fe51e5
SHA512

01e9ae0bbef8bf3e92cf9da6ebb1aa4d9895be171d6b94f11d4449a751c1d17f42eb77690ea24fb41994ba240d0d1ad352c64a9ee25d69489ff0d19a80645054

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.acpl.net.in
Port:
587
Username:
qcesd@acpl.net.in
Password:
Hi~M)?*G~-Zd

Targets

- Target
  
  Копија трансферног депозита 21_10_2021.exe
- Size
  
  829KB
- MD5
  
  dd935f8a955277927e354112a64d5f0c
- SHA1
  
  271e6ff9cc2c3c260ab548365f521e91e84ac702
- SHA256
  
  cb09a8409d25766f18a76c939c7c90ca8c437df5fb8a3289388487f686fe51e5
- SHA512
  
  01e9ae0bbef8bf3e92cf9da6ebb1aa4d9895be171d6b94f11d4449a751c1d17f42eb77690ea24fb41994ba240d0d1ad352c64a9ee25d69489ff0d19a80645054
Score

10^/10

agenttesla agilenet collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2