agenttesla

General

Target

6c11886cb1dd5dec119ba707555dd0bbb5705c97e60221a4108141f796ed4b7d
Size

463KB
Sample

220521-myzw3acfh6
MD5

81541448dce4dd4077e5d6bdb52a6a7d
SHA1

84d91668b34be38942287b1f3d3d0f32db5c8236
SHA256

6c11886cb1dd5dec119ba707555dd0bbb5705c97e60221a4108141f796ed4b7d
SHA512

afff5c2785c0b4bc1cb67d36b3e339039a7211ef10249ab6a5e9a1e6a45cdc6191b048d140879a3c4a4fadbdf01ffa3b0d47f7eb1af45a866f08a6d2b2ac591f

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
chuk5anderson@yandex.ru
Password:
chukwudi123

Targets

- Target
  
  Payment Proof.exe
- Size
  
  806KB
- MD5
  
  6c8f01372803ed1b13e8e03bc764b84f
- SHA1
  
  2851549bed6bab05ddd74c2ae97e7324b2df8e31
- SHA256
  
  c482ca787afb6b9f12e79b80f791494338b6a353950c12e57df5b1411a1ccd50
- SHA512
  
  fae08dac1a2f78177fd274954e00f57b6e16b869a8ed8fe1d8d61c7fd01c875dff44df69493dffb59c9f6ab25ac39b7a2ce12ddea7602444c149a7c475c6a487
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2