agenttesla

General

Target

3e06a9b8cd9526c4f446f626d08c010086c48677746c8e2f80dab6a8f5e831fe
Size

410KB
Sample

220521-bbjqsabfd2
MD5

503500a97ef0f4d9784e897d55792ee3
SHA1

07ffb362203d8c5658f273c40ee7dfe5b690e60e
SHA256

3e06a9b8cd9526c4f446f626d08c010086c48677746c8e2f80dab6a8f5e831fe
SHA512

8b60995da6a1aab36d016e52ef1f319c0886c9d4d56a51430aef2febd61a98db24573b879a7484ec9dbd4f96183a6d3ef9a7148b678cdfc290fc1aa7d4a2c032

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
blessing2020

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
blessing2020

Targets

- Target
  
  payment copy _7302020_PDF.exe
- Size
  
  449KB
- MD5
  
  cddcaaf646b126f8b18026f51d355137
- SHA1
  
  d28c464f2f722f7310a790e1a494e3bacd4b0364
- SHA256
  
  0d6502ebac7f57de3c41d7077d2c613dc31f7f58bef5deb486ff0364e9ff97fe
- SHA512
  
  09579057f193eb6a8db6cba082984d4053c09ee4e03c77ca4e352c296289e563ad3ed153d7ca0569a43a889f46b7f3d3f8df292d665ada2e6f83dd3b6853e81a
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2