Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
6647473163108352.zip
General
Target
Size
Sample
6647473163108352.zip
732KB
211231-mfe4yafcfj
Score
10 /10
MD5
SHA1
SHA256
SHA512
edc795bfc47de956665640fbac377a31
489c96bc473ae2fa47a71a0231319a0cda538339
c1b1647d0139cec7502ac097db85343e037559ed0afacab08f50a29e0adadfe1
f5e02aab1643c7f1d06a2ac05ad8d9afe7e6706827cff6f0e953fd79a970a78ac966a4b142ea4a1904a1450024f4350063ee2239c5a954173689bebc27ad2e3b
Malware Config
Extracted
| Family | agenttesla |
| C2 |
https://api.telegram.org/bot2049439171:AAHTF-OzMCy9i3S0b0hmaVc_mUsY0h6Ue_w/sendDocument |
Targets
Target
MD5
Filesize
3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a
02991d493aedc4e3b544cf5b9ee57499
300MB
Score
10/10
SHA1
SHA256
SHA512
1de6c330b46ac1de2ec149cdc5c3c4f3da979863
3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a
78ba8d96f2c2a91e951980abff59b256ab5e4297bbc12ca9f6a9fcc54036391b177907d74061459a44d2527c92bb47f8ef13a69ef8500fd303dfc41a1c89300d
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks