agenttesla

General

Target

30bf0417e8ef6f1c5e5fd0c824bbe27ee0ef116ccdb02cbe5b93d83106747b1f
Size

451KB
Sample

220521-bbvs2sbfe7
MD5

18a40cfc308b213eb101215231447f27
SHA1

c26ef73b0d446cdc0f93a947e79c29edd4f90090
SHA256

30bf0417e8ef6f1c5e5fd0c824bbe27ee0ef116ccdb02cbe5b93d83106747b1f
SHA512

d9312a1bdc0fc7d30912f910d9c9d674979f22638197556c3487306dcfef6a5f33db8f0264f9e0822bab720d1472798ec6db53009e5697482439cab9839c46b5

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.moorefundz.com
Port:
587
Username:
[email protected]
Password:
g7g2Ig?Aeh_+

Targets

- Target
  
  Bank_swift_7312020_pdf.exe
- Size
  
  505KB
- MD5
  
  1218c82a5f6287684f1cab30ec3f9ac5
- SHA1
  
  5a2f7bc5d6f96c33116c1fbc6dd9530f1977bee7
- SHA256
  
  c4e9cfa688e157572fb7eed326914253fba8a38cc22a9670291117464f6c9214
- SHA512
  
  033124ae5d6eefa5fb00730c52ddad5e6931196230982012a01432d355e25f05f29338590ee2e3c402030c1487ccc3b36db8339b3e5a9288ed15928e9ce1de9e
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2