agenttesla

General

Target

53398258a220177c38d7c2772465b04abf1d5f76f5498bac47fcb4bb8a8497ce
Size

1.0MB
Sample

220521-pbv1psabgm
MD5

84fc9b2e219a1e95f95f1406c76decd3
SHA1

b71510a02066fb0cf632073ff2018b79133c6f26
SHA256

53398258a220177c38d7c2772465b04abf1d5f76f5498bac47fcb4bb8a8497ce
SHA512

29966dc48b4bbe169756d39f432e79502d3253a07aa4909a8ccaf115851d40abdd1cac8a0d7c49ccf9f608f7bf115dbfd105af3b9a32a4a284dbcbeab0744c20

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mapi.diplemailsrvr.com
Port:
587
Username:
narayana@synpurelabs.com
Password:
Banachi@1974

Extracted

Credentials

Protocol: smtp
Host:
mapi.diplemailsrvr.com
Port:
587
Username:
narayana@synpurelabs.com
Password:
Banachi@1974

Targets

- Target
  
  Our company presentation~pdf.exe
- Size
  
  689KB
- MD5
  
  22c37e22bf539c843de4ccc764924f33
- SHA1
  
  d557a14aca121b534854bba8b7357bfd91d042c4
- SHA256
  
  094f6a9977aca85ca844fdab18035108dda8907b5c7b90416653a573e4e127b7
- SHA512
  
  11250880efd045016bf7c7fc74273e7b536ffae455da31d3137734c39cc81f7151dcf3a20ce9a1b8096949e28c88d7c646b25f524ce9d2ad9744ec48342abef1
Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Purchase Order~pdf.exe
- Size
  
  689KB
- MD5
  
  22c37e22bf539c843de4ccc764924f33
- SHA1
  
  d557a14aca121b534854bba8b7357bfd91d042c4
- SHA256
  
  094f6a9977aca85ca844fdab18035108dda8907b5c7b90416653a573e4e127b7
- SHA512
  
  11250880efd045016bf7c7fc74273e7b536ffae455da31d3137734c39cc81f7151dcf3a20ce9a1b8096949e28c88d7c646b25f524ce9d2ad9744ec48342abef1
Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4