agenttesla

General

Target

ed2c34c719cbb69644d74f2fa7c9886fe64846afd263ec2fae7e4409067baac5
Size

748KB
Sample

220520-3lnahahbb6
MD5

b1a1fe23e818d3da8415cb118fba9a31
SHA1

a0166334d2022fb6ad85fcdb8a6713d5958013ec
SHA256

ed2c34c719cbb69644d74f2fa7c9886fe64846afd263ec2fae7e4409067baac5
SHA512

4c1c6d1ad3b6f8b2e313b101dcf8e9c5bfa03264ca7a8ff0233a2e84088f7d0ec1d1c69eca5a00b7597d1238edcb408320069d02d342482c55e1373f82c00824

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.magicpharma.pt
Port:
587
Username:
[email protected]
Password:
Mc@1234

Extracted

Credentials

Protocol: smtp
Host:
mail.magicpharma.pt
Port:
587
Username:
[email protected]
Password:
Mc@1234

Targets

- Target
  
  IMG1012020701.bat
- Size
  
  463KB
- MD5
  
  cc5b1c09157600eb36114425e50e6c06
- SHA1
  
  edf77e0a1caafb464257c85abf822a608d924fa2
- SHA256
  
  2bdd9634f525e88efcb093031698f749e6117f7b32e2a18e1271ad5e94b22022
- SHA512
  
  a58de0b0e57aa4abb8523877619062ba256f69ea21da3788d1eb02be6425ea6ec27e32541ee62d3d477e7ba9c01b6f8f3be745eeaaf70aa48f437f43051c4872
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  IMG10120207011.bat
- Size
  
  485KB
- MD5
  
  085d29006ec989b5938ddc78f78c72e9
- SHA1
  
  23859d85eb3f9ae83b61203f54318559e721ec50
- SHA256
  
  052bcc60e46315357188930ba35adce006f4e223a50c862db9795998d96faa30
- SHA512
  
  b32559895a12e809653c2ec4b05a9adee00a2a5c3c88f288241be01cd5607d553ba98d39736284f640ce54053247fd3d1e5457c9f7631aeba3efc8ab85621ab9
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

6

T1081

Discovery

Lateral Movement

Collection

Data from Local System

6

T1005

Email Collection

2

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

AgentTesla

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4