agenttesla

General

Target

f0ecbc7b267751a43f7db46ab1faa1fc29c834b2fd5224ba202f645afdeb3c46
Size

790KB
Sample

220520-3k2rhahag9
MD5

e68e78463bbcacd2da759f6b85047220
SHA1

d6cd5dc69938e0ffbe7c2b39ab0c5a20d450fa9c
SHA256

f0ecbc7b267751a43f7db46ab1faa1fc29c834b2fd5224ba202f645afdeb3c46
SHA512

038f1d4157783e4766ba12f76f158adc2136ca475456b913a116318545563dde13a5aa4c4d386aafdb0f3c61fc97d68b322f4c0a9a9e6f783df504d1da95f61f

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.greenhornechem.com
Port:
587
Username:
[email protected]
Password:
^fpNyGmQa2

Targets

- Target
  
  Invitation to Bid Document.exe
- Size
  
  587KB
- MD5
  
  56c28a5e5db8741f23931e28b8a27a7b
- SHA1
  
  355ede2c4f0cc58d4767ca3878b9ce52c3b46fa3
- SHA256
  
  83eff9827c853adff940f77bff9e516f0ef9e5865f04d0e02572ee8b0051b720
- SHA512
  
  421aa9339e69aa54eabeef9aad66f0462fc0059f06c694d76cef6685b242ab834e15161319f4c5f0c702deb2981987f806fd5d5a35b0b7158169539d98b9fccb
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  RFQ Sinopec Refining Project.exe
- Size
  
  579KB
- MD5
  
  4b22fb58751575aa519aae5e1ca8841c
- SHA1
  
  36b679ba9fb83058600b0a5f12ac30dcce4c002c
- SHA256
  
  3298b7890071ea9442142d9f030802b738664152a1f07fbabe629b72b0ea7b3d
- SHA512
  
  ec5cf1b523ed05dc40fb2070907260b781140c4f605fcc5fdc628829b0d9380bb87645e7e4a2e1b258ba950a1131757c4f34c7e53ae0ccd1013857581a1f622a
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4