agenttesla

General

Target

14a8dc48a92695ede4638dbfd725d594da0a0483862311e0249b3c88a69b8b81
Size

1.2MB
Sample

220521-pn1rqaffh4
MD5

2af11fd617811cbdf30a35c8be909138
SHA1

1d5bfc0fbb607d22af7740383603812e529db721
SHA256

14a8dc48a92695ede4638dbfd725d594da0a0483862311e0249b3c88a69b8b81
SHA512

acfb7595c9051bdd953c3ec089257fb13082559d950ede75f25087f531d9cf8985cc898bdce7944c3f08d9feaa61cf9e60914dc8a05874857c0a27799fbbdd62

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.zoho.com
Port:
587
Username:
johnwebb01@zohomail.com
Password:
UY$W4+]^+9;)7CF5

Extracted

Credentials

Protocol: smtp
Host:
smtp.zoho.com
Port:
587
Username:
johnwebb01@zohomail.com
Password:
UY$W4+]^+9;)7CF5

Targets

- Target
  
  DHL_express_package.exe
- Size
  
  591KB
- MD5
  
  16c3bb1063950e08cad8d54aafa5dac1
- SHA1
  
  e9a9db62e38b2c241ec73cdeb8cb77c17e0188f1
- SHA256
  
  c8e57eaa8b0fcdfa8cd3db86591975ed151c5e1751997a94fb0d9dddf62aecba
- SHA512
  
  ba2c09252a9d01344256284bae7f01160ad9993845ea0c338113969ff7b3666a76488830d8cafaaa0cb991e8b478bb13c07936dae8c0d308e2969df62a517b2e
Score

10^/10

agenttesla collection keylogger persistence rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Documents.exe
- Size
  
  568KB
- MD5
  
  4c4ff89eb2f8ee2fa067a1d017497021
- SHA1
  
  8d8c62a01d0c3fc189040472ec42aa5171c1c1e4
- SHA256
  
  726e05271ef6a6781ecd7bd9b130e4621734c991160d820f0fdd61186f5fbd55
- SHA512
  
  1d2b6dcace4cba63a4cfab4c197286f132ca05b53b2c39c3b3ee60349514b4a2fac61b6e3cbaa61d784b6c7a6d8edb9e48338320c6c3ee8c75a7b225d67a0d2b
Score

10^/10

agenttesla collection keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4