Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
a40a664137a3573248372810f32015f2e0e1f93d000bb8d45a455b5c1c8691d0
General
Target
Size
Sample
a40a664137a3573248372810f32015f2e0e1f93d000bb8d45a455b5c1c8691d0
335KB
220521-pt5mvsgac3
Score
10 /10
MD5
SHA1
SHA256
SHA512
99f02941df7d879298f5234581717e45
ef35ae182f86d7d279fc96486ceed006e593c915
a40a664137a3573248372810f32015f2e0e1f93d000bb8d45a455b5c1c8691d0
fc7ee58fa8d8678c0a5b86c4d3c7553facfddd97af61440729e9f3a3a048bfc6162b3237699fe7c0a521dee2d759b5c9477e2c5cb4d731525b7e3070780f1f8b
Malware Config
Extracted
| Family | agenttesla |
| Credentials | Protocol: smtp Host: mail.itdone.cz Port: 587 Username: testovaci@itdone.cz Password: viObavejMa |
Targets
Target
MD5
Filesize
RFQ0392.exe
b3911724ce21ecfb5c68e35848a49ded
389KB
Score
10/10
SHA1
SHA256
SHA512
5a598183755980fa9719ede513244099ee315462
bb8e4fd77036e0c835a7362aa8288dc6d24a935917455d8c6dbdf28361ff725d
1e41fe3de2a9ccacb8abb8c5c557e38ff186375b9d902b2992f248d77017dc56a930cfce3ad629f78349c5a9a3b9fc1c969051c376800972bd4b56108541911f
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks