agenttesla

General

Target

9792755e2dbb2ab4583f7a1b28bb1248466af33ea2d2ffe44d25fdc6db86ba5d
Size

431KB
Sample

220521-n1zvhshfaj
MD5

ea7de6cfc8ba2ff9c0220c1906f131d8
SHA1

2250bcda2a259caaf6a42bd576bae257e490748c
SHA256

9792755e2dbb2ab4583f7a1b28bb1248466af33ea2d2ffe44d25fdc6db86ba5d
SHA512

9893e6015a2b8d133871a658aef650b36337b181e3ddcb30a220d1a06630a53b1c8f513eef0547ed41dff232a1fa1387058930d05ac3e3ca8d5077ac981d859b

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.acroative.com
Port:
587
Username:
[email protected]
Password:
onegod5050()

Extracted

Credentials

Protocol: smtp
Host:
mail.acroative.com
Port:
587
Username:
[email protected]
Password:
onegod5050()

Targets

- Target
  
  Shipping Documents_2998-0029-28833-92883.exe
- Size
  
  671KB
- MD5
  
  900b759ab7a29b28175f5a63c4437d05
- SHA1
  
  43806cee07901eae1b676a1f02f8d20e1eee7c2e
- SHA256
  
  76aeceb07ade4e0dca6cf046b682ae5909f578b725da30d10a46c6fb58cc3f33
- SHA512
  
  67b1ce5262bac1781618461c3dc3e9fb566b1ad11268c80a8d2261d776620086f0a0026f8de02f011e873748416e63a2f42485abd4bf58c513d0e9511bec5f7c
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2