agenttesla

General

Target

b9772819d22abab31d2fe20b7cfb9af85fe992cb358601e321f6466d93536bb6
Size

420KB
Sample

220520-3xpmpsceen
MD5

2ce6d0592d99d4bcceb919866278e6f8
SHA1

0290646757c278c1fae0664f1e5ac369da5e7b64
SHA256

b9772819d22abab31d2fe20b7cfb9af85fe992cb358601e321f6466d93536bb6
SHA512

183463f228e0e65021acd56ac39e18fe50227425148417e39d138e6117d468f592ada4c50709f6dd3d0b10649ffe406ad4e4822b15b3751fafafa2f02d3e7d24

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.foodanddesign-lb.com
Port:
587
Username:
[email protected]
Password:
yarze@2018

Extracted

Credentials

Protocol: smtp
Host:
mail.foodanddesign-lb.com
Port:
587
Username:
[email protected]
Password:
yarze@2018

Targets

- Target
  
  MV BAO HONG 8.exe
- Size
  
  721KB
- MD5
  
  bfd2145018ef78abe6735ae1e4cddaf3
- SHA1
  
  ff555d3a1968a706add19a6fbb1012011923a4b0
- SHA256
  
  fd108b640511e040ff81be0ea54bb8bdfdb12aff54def52ac147c3fa112a143e
- SHA512
  
  31ba2aa7fe23fe4a5435f521d4258976bdfd45eb4462bee7bd7ee2b0ad9889e9eaf67696bfe93124e19f703574c1e5030b27b11d0cb7593c077257ee0de34740
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2