agenttesla

General

Target

d45ee13d150ef45e1d99e0dfe030c5048012c22790b64e45c54acc5d1103c623
Size

458KB
Sample

220520-3q83rshdb8
MD5

11a684e4558fe9942a6f37d86d9e761a
SHA1

8c6cff52bccd41cca984f939f56fb0b047f60c7f
SHA256

d45ee13d150ef45e1d99e0dfe030c5048012c22790b64e45c54acc5d1103c623
SHA512

1df7b9a5230e9cfc89ae549b068a87d2434a491db2632d36ee2b34cb7e7034bb0d3f7f0f86217189309ef2dbdfe255934e348861dca43fc0530f972b9a3eb8a4

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.waltartosto.com
Port:
587
Username:
[email protected]
Password:
pZQhjl!9

Targets

- Target
  
  dhl_doc7348255141.exe
- Size
  
  564KB
- MD5
  
  e739df7351d40a3ca22df1f8690ae392
- SHA1
  
  a3d8efc917bbacf8bbaa5356a46b99546a83486f
- SHA256
  
  e93afd4067150bd662214a18a87f226e8b50729186caf728ef70d71eb4510094
- SHA512
  
  7f5bb95118bda066c019e06cc1f70f745a576ef84f156a06d0243c7e6809cd1662812c2c80f567fb05a7fd786e73a786aaa08ff9366a4c4764cf8dfbe9733b87
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2