agenttesla

General

Target

073436c3936eb632ed28322b55211b0c36d05b5539343f1afda2eaab06924ebc
Size

392KB
Sample

220521-bcg9cabfg7
MD5

492b00feea62041e70f556f81550eaa3
SHA1

36b989dc052d6cd743a61613861b30cd6f2e15b4
SHA256

073436c3936eb632ed28322b55211b0c36d05b5539343f1afda2eaab06924ebc
SHA512

3f5ca2aace8e92fe1b95e01f51de5fb624bca3237784c69dd0f7715e22e1184104bb32f2f9663f26a7164f8f3bb9e4d905c7e84faafae157f8f0e688b6e8aac7

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.zarkom.rs
Port:
587
Username:
[email protected]
Password:
Medicko121

Targets

- Target
  
  FEDEX Online Customer Advisory AWB, BL Commercial. Invoice 20207105534231.pdf.exe
- Size
  
  434KB
- MD5
  
  28cfa40c77b39ff4dd7b57680d91afff
- SHA1
  
  05c1d4cd3d8238e0f485ba36855d8e57ce44227b
- SHA256
  
  d4ca1a42f5c889f5b6e12a5f4059ff6bc22c6ea99f830d561baf9d6de3b42eea
- SHA512
  
  219d8b9104a8a6135b2244c7e0c23c454fe71b0d4b5bfc2f652dbd16118d67c4ff9e3aa51eadb3e6e614d64bde16c6856bd9a3a2707832bc99cc7efa0158175e
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2