agenttesla

General

Target

162f1e6e446fb3689f7b35393de3a2a781dc4f1e018611ab88ce9b781fa1d847
Size

707KB
Sample

220521-bksp2scab8
MD5

a02b13739448e08eacfcf1fa131f82f8
SHA1

15d4a96edd1146393f6736450c1558fb168e7d8c
SHA256

162f1e6e446fb3689f7b35393de3a2a781dc4f1e018611ab88ce9b781fa1d847
SHA512

abe32e6d85264e3dad437624714788621b2bfdfb28e8d188ad0e09b404a79e0a2ba1782701145dacf0ac5f591685ae1896bb8d3f3a392ada9921a50753fc5a63

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.kemyo.lk
Port:
587
Username:
[email protected]
Password:
YWNZL%x)7o6r(^nPeV5qsQy^

Targets

- Target
  
  Tax_Invoice (965496112).exe
- Size
  
  1.0MB
- MD5
  
  d047bd852813fb0cd3f93bc0bacaabdd
- SHA1
  
  722d6893f02d1fd0b44e5d20cc0e1ae43934dd4d
- SHA256
  
  254920e6788f4cb4975f08c5deef07e932f4a370a38c5197d7a4fb7846ea63ae
- SHA512
  
  56433badc741031b41a1842181ea9ada0e35d92651ae8fa3d1f21663e3f8218a1810d4ceed399489e181a5ff60f317729a2e7a3db32437d52188d74cfa0b3790
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2