agenttesla

General

Target

e5d3293bb885009c8f6691eb9a45d4c7f6c4869f5e4f0f196dc519bb9f39472b
Size

645KB
Sample

220520-3mttnshbe9
MD5

2ed8e27a8d936e6b27f3b0854df533d9
SHA1

2a502329ae11fcf863142f33bc209ccff08716c0
SHA256

e5d3293bb885009c8f6691eb9a45d4c7f6c4869f5e4f0f196dc519bb9f39472b
SHA512

aa0d4de3d45dbee5f26c4ac462d721a6d271ec2a6c7a51e10ef9fb8d83110e28d6d49bd585862817acff8204665ba0fb280daf60e902a49ac63f0e3501312131

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
challenge12345@

Targets

- Target
  
  REQUEST FOR QUOTATION.exe
- Size
  
  885KB
- MD5
  
  380dccf3e217737abd694fb7ae9221e9
- SHA1
  
  5884af1454d84b531951b9e69ddf51611804bb13
- SHA256
  
  fb42ce632ff111ef24eebae3f336e0e04b8602dd621e2886a22ce0870ce287c4
- SHA512
  
  458604779b2497c0b7bcfdd7f1ee3111e9fef3201c0a3a8bd8bf9039fea6cf7f13f7280a2d4775432fef3a29e6ca6ecbd505427b522644bfe65818a3d26fc2e5
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2