agenttesla

General

Target

52c279fcbe4d25d60a1254db8a31685e96d5a5fef2e08fe4e3af7ef1b37316c5
Size

392KB
Sample

220521-n2219shfdn
MD5

cb087c22ca586b5010c72ca531c75e29
SHA1

bdbd8317b9f0da841217a499ead0297b0461f0fa
SHA256

52c279fcbe4d25d60a1254db8a31685e96d5a5fef2e08fe4e3af7ef1b37316c5
SHA512

ee6c7a94c3b1fd3442f48535987dd88558b4148785e6c742ab872fe82bf4a743ac34533d41206bed4780ec753114eb4d753e64bcfa62054b1843e949e9bf9e06

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
goodluck11

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
goodluck11

Targets

- Target
  
  腾达付款申请USD132,450.00-pdf.exe
- Size
  
  688KB
- MD5
  
  2a8ecefa3972ea8cff2d2e4221acafc3
- SHA1
  
  006b8f88a804385b2b4d9c8090885cdd936a56a2
- SHA256
  
  b23b16b95e108a322540588bcc3a36124ee12dea5d94f754dbc112395baebf67
- SHA512
  
  63b85a886706dd268d0297ef9bee947c331a1d6d0169f5921dc220f967d7a4f1a56bd8b521df18eae678c57ef3211637a65b4612783aa0a0d888b17cb483198c
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2