agenttesla

General

Target

AWB 302-07379411-21.zip
Size

659KB
Sample

211024-npfbqsdgh3
MD5

65aed6777575f6227b2ef91fe91c5bff
SHA1

aa2353941fd5ceb07b7bb16bbddef5bb05830b95
SHA256

0959b5a19ea6e26da622fd5a6b8ad9a191ddb5369300cceb27b65a27a9edc487
SHA512

5e89c518d4f62e3de27c4d98994c5430be738a97933832a0e2f4d178249cfff785bcf417c6cf28c2c54d6eef8943a4fd57e18c3cc90ff17572a30d5b4b96ffef

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.prinutrition.com
Port:
587
Username:
[email protected]
Password:
forrest

Targets

- Target
  
  AWB 302-07379411-21.exe
- Size
  
  724KB
- MD5
  
  7d160eccbfdf241886c85a0a18a40335
- SHA1
  
  01e4291ff7cbc5353b1dbaeee5c97b3e188ff9c3
- SHA256
  
  6973bba6867ecf5183846ae49c92c5e62a14c527608243e5fbbadca9c355f7d7
- SHA512
  
  e1af7f8b37e57f41f94a27b78cc0c94887405755d348bf677fe4dda7f15d834ac7cc10b408ef1697360701237a015e35aa1303b7b6cba31641e57c0d9b034b49
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Drops file in Drivers directory

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2