80cec57aab0dcd1c41196a6c230bbdf0019c08e6ebf2531c0d7b4f95ed1031ea

Tags

Signatures

• AgentTesla

  Description

  Agent Tesla is a remote access tool (RAT) written in visual basic.

  Tags

  keyloggertrojanstealerspywareagenttesla

• AgentTesla Payload

• Reads data files stored by FTP clients

  Description

  Tries to access configuration files associated with programs like FileZilla.

  Tags

  spywarestealer

  TTPs

  Data from Local SystemCredentials in Files

• Reads user/profile data of local email clients

  Description

  Email clients store some user data on disk where infostealers will often target it.

  Tags

  spywarestealer

  TTPs

  Data from Local SystemCredentials in Files

• Reads user/profile data of web browsers

  Description

  Infostealers often target stored browser data, which can include saved credentials etc.

  Tags

  spywarestealer

  TTPs

  Data from Local SystemCredentials in Files

• Accesses Microsoft Outlook profiles

  Tags

  collection

  TTPs

  Email Collection

• Suspicious use of SetThreadContext

Related Tasks