agenttesla

General

Target

Sin factura 2021 NOV-INV IX 08945.exe
Size

757KB
Sample

211101-ns3w7shge6
MD5

0e674bdf43144fea1eeb1eed1013c59a
SHA1

2ee2139e2fb67b4a27e4074c21a3db12d0c665a8
SHA256

c2f38ab387af8786ebc37f336dd923f935098dea3821e2ef8a9e2308c3ed47e7
SHA512

5438664d71cab3426851bf82a1a0d68900fbe556ee1b065c2f7da522fdd3c9619a922f14a73bc245f16442ca76fd25bf07255d76ddd0870b6246b8f06cf2e41f

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.acpl.net.in
Port:
587
Username:
qcesd@acpl.net.in
Password:
Hi~M)?*G~-Zd

Targets

- Target
  
  Sin factura 2021 NOV-INV IX 08945.exe
- Size
  
  757KB
- MD5
  
  0e674bdf43144fea1eeb1eed1013c59a
- SHA1
  
  2ee2139e2fb67b4a27e4074c21a3db12d0c665a8
- SHA256
  
  c2f38ab387af8786ebc37f336dd923f935098dea3821e2ef8a9e2308c3ed47e7
- SHA512
  
  5438664d71cab3426851bf82a1a0d68900fbe556ee1b065c2f7da522fdd3c9619a922f14a73bc245f16442ca76fd25bf07255d76ddd0870b6246b8f06cf2e41f
Score

10^/10

agenttesla agilenet collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2