agenttesla

General

Target

648df7b486ed0abf84c922839628e281c8ce3a3db87e6e5cbeb2b526e413448c
Size

406KB
Sample

220521-bay43sbfb4
MD5

5ee452187714097e0afd3f7bca42fe23
SHA1

7e236e881572faf06a9d789b3b26552cd9869798
SHA256

648df7b486ed0abf84c922839628e281c8ce3a3db87e6e5cbeb2b526e413448c
SHA512

294358592249fbf29d16aeff4b93e62fe0c91ddffd3afc50783127bb08ec2c939ebcdce4c283b6f4cfa44d265b20cb4256ee3abe2020507c23dff96e3f04e9ae

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Sages101*

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Sages101*

Targets

- Target
  
  Quote-DOC-20200806-55839.pdf.exe
- Size
  
  476KB
- MD5
  
  be225ec01cc3c8f2d7b840a9c20a6a56
- SHA1
  
  43582a2fdd53ff41ee143defb4fe519d07740b3e
- SHA256
  
  7662b95c8a34a134787fc3242b8b82059416f582103965a8da7457769e2739f1
- SHA512
  
  3e1032a471469a7f3f6243268ecf94a2ca38d7ea4bbefadf6b5f960142158e581f148318a19e6d6420fab94a971bd19e62dd5d2b14ba6479fe74ae6f4c6c35df
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2