agenttesla

General

Target

Payment confirmation 3 invoices_____PDF______________________________________.zip
Size

337KB
Sample

211025-r9vtpsgcf4
MD5

291ff0b164654c96741a8c69765e9bbc
SHA1

bc44247659365f6d0f8680fccde4c707172d9346
SHA256

2509cdd2da5489c1bc14de1473e4cdf2bb2b71c15afd34a9debdb6763a23c1ea
SHA512

58c66ba545fdd4b11a3358134b8aba5b80a9ff2b92059efde8073e71628c78b3ae0defe90afbd5c5b4338fd4c1498aa7047b65bd051e26d1496956830ff74f4a

Score

10^/10

Malware Config

Targets

- Target
  
  Payment confirmation 3 invoices.exe
- Size
  
  418KB
- MD5
  
  699e3a000f794f58fbcc5896a74ce29f
- SHA1
  
  e9d4ba8769bf6033512a278e4f9c4ea343009468
- SHA256
  
  c7a8cfe33391bd39eef4449e5d3910ce92af04aee5c4e087b406eecf8f364d7f
- SHA512
  
  7084bfe111084c7acafe107225525340f8dfd9078bb757b9a5aba51425904132a24d42f3ccad84cf4f1951dbc5dae2f37f7f29132f4e9d5081f8b350c886b172
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

AgentTesla Payload

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2