agenttesla

General

Target

9fbc0df1d3d5c208380059be4bc30e559291b2c8baf64d38037e2f039a998508
Size

351KB
Sample

220520-2rjntsfha9
MD5

6f00b39b76e4c869250f6e04c300eab7
SHA1

c83c64196236a86bdae8d3f2964b5d736ad549b7
SHA256

9fbc0df1d3d5c208380059be4bc30e559291b2c8baf64d38037e2f039a998508
SHA512

8288dc830f101a93696a1288cc63375c5cd9c023d71b6416499babf32de606efed5baa79cbc80fe1e3fc3ec1c574fdd5e1c47b4456790b51e4c6c89b46052f90

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.saamaygroup.com
Port:
587
Username:
[email protected]
Password:
pawan100

Targets

- Target
  
  Payment Invoice..exe
- Size
  
  389KB
- MD5
  
  25c25e8a6169d9debe8d2d98a8264b84
- SHA1
  
  7894e65a0ff81a059d6b72def4fc6a3563ed9560
- SHA256
  
  4e6f8dbaac0d3d8f52ed89bbd3a295661640c929394ae12adb0248638eaf02d8
- SHA512
  
  9b4025838ff70c094687617d48e8858d761932734ae7e2b2a3b1dddc0019fad05f26000333f05fbd8271bf59f641ae37f34109efa6cc0d864334db6fdb89c726
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2