agenttesla

General

Target

597c4b4f5a047a75c9498ca9887cf7fc745861318d5814d6a1e77a72a55d2cfb
Size

629KB
Sample

220206-1kmapscbgj
MD5

6c92ad97157e96a3f3c482432f4dabeb
SHA1

6123f8cb5bf4817fda5128f78b97eee85b4d44c5
SHA256

597c4b4f5a047a75c9498ca9887cf7fc745861318d5814d6a1e77a72a55d2cfb
SHA512

4f1df77c03b2b7c2203138ae553e48b9dd7982aa6eb3f0703cd219f88d7259ce3ad97368a2da44e72675bc36d1072ed18d716a97945c9e6d76de97dd693a137c

Score

10^/10

Malware Config

Targets

- Target
  
  TT-INVI000000000.exe
- Size
  
  914KB
- MD5
  
  a9fe1629c98954b6af37d55141373d25
- SHA1
  
  0a230168bac70aac3b43523fcd4bc4b14ed53e47
- SHA256
  
  811d169ec93c76795798353e6fdf509271d61d3424acb7d709c34cc83511b0f9
- SHA512
  
  6b079542a4b7ca6183e7cca4a50e666a47dc237571ce07fe54501169f21f209949dc72dfd8855668ec508f0563e4b1c8e7ebf8c08db854ccf7e3a010c2709099
Score

10^/10

agenttesla neshta remcos collection keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2