agenttesla

General

Target

aed870d7f8c722d321b1c9f9e7a59607b78a263e23b0e4fa3a5a2a7c20951300
Size

555KB
Sample

220520-2a3elsabbn
MD5

ff54713098d14492bbd5ddc843d81df2
SHA1

4ec89ab3e4e2f0133a147e4f9686da5276225564
SHA256

aed870d7f8c722d321b1c9f9e7a59607b78a263e23b0e4fa3a5a2a7c20951300
SHA512

19be18668a6c4caa1a675583bfa9ad7896a666706ddb94b286d0d4889555672c9a515a3514f453355e20d3bd7ff9ac466132c8ddd03a2c2c8b5b711827175959

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
investment2678

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
investment2678

Targets

- Target
  
  swift copy.exe
- Size
  
  679KB
- MD5
  
  ddca913c0234f39188ad9bb1088ca54d
- SHA1
  
  63af9a6bf03d404fbd37e7240bec2fee4368946b
- SHA256
  
  5df5709fe8846aa9535491744a84674f36afd3ba1f94c53c3d996da9ef400b31
- SHA512
  
  a5a75bb493d234ac85b3a5a915aa57830f383943fd782e5a8156a230c33cdb18b91768d5fc7bffdecedc99d4eeedc97817695b89450731f1995a49454948e1a2
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2