agenttesla

General

Target

87d9c2119cc14f0975e6ec70d73793be9fd8abbda1d0b25979dab2d2cbabbf91
Size

441KB
Sample

220521-d8gc2ahab7
MD5

4ef2c48223f9cea211f1c8c062a77b5a
SHA1

b2439ae929d9db64c8d6550315ef463fbd0f1e3a
SHA256

87d9c2119cc14f0975e6ec70d73793be9fd8abbda1d0b25979dab2d2cbabbf91
SHA512

3b8ad0d33d4280926a0967396a7173a38d55aebbc6589dd98c6a6893e712aca897e07a11bad18ec10fc452bd6ea303a22b79d67dd413021c964a39cd65929479

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
chukwudi123

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
chukwudi123

Targets

- Target
  
  0900009900pdf.exe
- Size
  
  539KB
- MD5
  
  ff69f59ae77ee39cafdb4e7efb4accd7
- SHA1
  
  998f7ed69e24b27371151aeb3d953643c8566878
- SHA256
  
  ed1aa53c89a6250abd5ec84f8458338150b89ba617d4ca9b8d1583658a2b44ef
- SHA512
  
  a457ce644c81831d757c7737364a22291c7db2194f457ea92f9de6a9560e25d12e9164b94dbd8b4048b7ed65d122b55944ce6212fb1f12d1ccb5c00693487b27
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2