agenttesla

General

Target

ef2a19dcd781167eb00ecc18eb819ab74def1fe04fe9fa164c331e40024cbfff
Size

412KB
Sample

220520-2vbsdsgae7
MD5

bfba69b568f8d286f6a3c3d54c379ee9
SHA1

b072df0f3fca4526b36fb663e6479bbb4d253bc7
SHA256

ef2a19dcd781167eb00ecc18eb819ab74def1fe04fe9fa164c331e40024cbfff
SHA512

d8e61891faf7c8eaabc5ac822dd3816cec028e521e0ae50ea2803c49d002ad2a31a50eb6e568f447ba5377a6cc4cd6cb048e6383505663bd39a5be4db2a114e1

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
challenge12345@

Targets

- Target
  
  RFQ& BOQ.exe
- Size
  
  454KB
- MD5
  
  f3e3c7a92136919817a9321b48eb2085
- SHA1
  
  6ae4702d854f468850076fd5ed762d36322f775d
- SHA256
  
  bddb7243a3c497b8189e815b30996642d01f881830d241bffe6cbd88a59ec95f
- SHA512
  
  8ce7d0324890430c057e00742e09e3c52ef57015367f1bbfcabe6a173479b61d04096b2523b17d7fb55dad3c7bd0b489d0b8bba9e9b0f15a36b1531838a7fa20
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2