agenttesla

General

Target

a2327a7b96b2d900ad8081fc145a8c9ed81d55bff0e71a9b9db0c11969ee5fde
Size

374KB
Sample

220521-n3ex5ahfer
MD5

783117c5109242862f5b83a81014e4f6
SHA1

049403c4b7485065077f3a2da1ccfd08c4dc5073
SHA256

a2327a7b96b2d900ad8081fc145a8c9ed81d55bff0e71a9b9db0c11969ee5fde
SHA512

7cbbe26e74349f2ca0d53ecba6bfc28a833a3c80d2abac354b5a1e8a243e5996c6bc903a24ea70ca555ae063bbde839c7fd311b6450652e3f5547b6095b340e1

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
twire.icu
Port:
587
Username:
[email protected]
Password:
Amarachi@#$

Targets

- Target
  
  Account Details.docx.exe
- Size
  
  406KB
- MD5
  
  3fd221aa6a0d95df5894e38a16cfecf1
- SHA1
  
  a44d376a9aae6eeb368396925ab82a81e1b8f4c1
- SHA256
  
  47279cbd996ae6cd51c09c77529472475d50b0f8aaf3a092bdd1f53a3f94e61f
- SHA512
  
  7dfe2f5fac7bc9ff66bcb5710f3a8b60713713d93059b3536dac2e1e7f4ba33245c5fe9ecb9de0b6b36e1910ca4c5ec320fc135ff25138314929ea0525e913b5
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2