agenttesla

General

Target

e62199fbffc6be5401420d0c2076ecaf092e8aca42356b79482e6887d3c7060e
Size

531KB
Sample

220520-1682laegd2
MD5

bd56c509ca6cb2062652ffb0c80e37f5
SHA1

8d2836be8cdc87f6d587a3acad71a51c9dc2ab83
SHA256

e62199fbffc6be5401420d0c2076ecaf092e8aca42356b79482e6887d3c7060e
SHA512

886025b53a48f3c5ff083c003c2c0735405aa05f5b07e3ae8aac5bdacbc643eb7e012f271b14fb9cab27883cc53263dd557800b6189278122286e28d2147c44f

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
chukwudi123

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
chukwudi123

Targets

- Target
  
  4959696069969605pdf.exe
- Size
  
  565KB
- MD5
  
  3f6bc3fd4ea20b8bc31396374ab1829f
- SHA1
  
  35fdfb9d4d1647efcf699a7e1e96e5cc754cc23b
- SHA256
  
  d29da0500ff7aecab3d24397cb745554f399dce5ab59f4ed7a95f6f959b62584
- SHA512
  
  5539e38f6ee9ed9c450cc6538d99201940007a4bd0c1f16fc0e4f49c64d0407d49d19690eb0f1beba157af01d46a131aa7a5f75fb763bf6c21c38c962d945db9
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2