agenttesla

General

Target

44f3cb31cb0eaececb35e3d1bdf180b088a5e09cbddfea663c564b3913433473
Size

399KB
Sample

220521-bkn2vsfadp
MD5

9ff0b0923dcc50147c56205bdf91bf41
SHA1

c199667cc8020223e080239d4111164ab8063789
SHA256

44f3cb31cb0eaececb35e3d1bdf180b088a5e09cbddfea663c564b3913433473
SHA512

d6e79052e8a5f46742d197acc88fba7cbad3c2b5e84122c6685b2d2bedafec90c1a49d8ba34bf396fcaa81dff3c6eec091130b8e9236ea19b4a7a0712001f8ab

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Logmein1

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Logmein1

Targets

- Target
  
  payroll.exe
- Size
  
  703KB
- MD5
  
  5d92e59673df06713a2a37f7a4fbdafc
- SHA1
  
  c188318d7a1e6367317c5c541145241ca1afe6f9
- SHA256
  
  2b80556f6cd49c291e54b1f0d7d3f15664958412ea6d2c36273e356de9081966
- SHA512
  
  54a638bc3bb6ba6ca40a0e73e75335a2be24c3e03de293b08ce1891d617e1f123cf09ac7ea6df682ce668b47f6503fc0c882c57171b45302f1114f5c9348f55b
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2