agenttesla

General

Target

88905cf9ea5085d7264e7b87ae4fc427253ec552df9e3c56a0848e2ff49178b2
Size

1.4MB
Sample

220521-agz5aaacb8
MD5

bec60227238d8667d8ed447d646a52a0
SHA1

630d64b6116a40a6d43cc2488711dd33ea68c843
SHA256

88905cf9ea5085d7264e7b87ae4fc427253ec552df9e3c56a0848e2ff49178b2
SHA512

cdba3a92bf0f930f1fc63a327eaeb9a6cd75b26bf7f60412cda316040a39380d02ce14cd76bebe4d597e91c85f63a5dbdac6fe57567572bcf5fbd0611178281c

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
drsaint1992101

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
drsaint1992101

Targets

- Target
  
  BL & Original shipping documents AWB & parcel tracking 1.exe
- Size
  
  850KB
- MD5
  
  a2fabb659641023048269765790f973e
- SHA1
  
  b18cb6179e52427f1d0526c52bb05f26e8e2b1f3
- SHA256
  
  08443bf9fa957824d3f097be9f7171d11ca06a26bc1e94e518b0654bf9ef5c32
- SHA512
  
  efe48bdbc32cae5001a70c0c3fce52064a9ae86be74498f9152fbd7d3ad6792e6ebcee0d51be0336ed300bb0dfc63de3a18dcd4f9184d6d29555b1b155f2dddf
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Original shipping documents AWB & parcel tracking.exe
- Size
  
  871KB
- MD5
  
  348d7c0aaca945e8aaa2c5fb7bfc1122
- SHA1
  
  54ce23bc3e637191c19443069dc3e624e55af782
- SHA256
  
  f66744477239c87939089b7bfb0e5396cf5addf0288b90b95178cc001c587c16
- SHA512
  
  b4e9edc8addd54db88cbefd0df4faed8526fa6d6c733f727305fd08d691979982944ecc61b7e2ea55d39f3afa0d10f76db020acaaad757ce0be669840e8f6c42
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral3 behavioral4