Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
9d83580b805924c53fcb6e150a8c711b9a8169718883eadbc81aa2b0e6fd3b99
General
Target
Size
Sample
9d83580b805924c53fcb6e150a8c711b9a8169718883eadbc81aa2b0e6fd3b99
412KB
220521-pvcy8sgad3
Score
10 /10
MD5
SHA1
SHA256
SHA512
22af3dbfea5d7cedf0694f415f6e79f9
73e549f8df0c42b6fb133241b8e223e44c3ac556
9d83580b805924c53fcb6e150a8c711b9a8169718883eadbc81aa2b0e6fd3b99
33ab3adbb6106d6bfccdbb8cf44beb769eed23e0b7f3ab12fea4e3a127b470178061b34474b16bf00748221477e9d317d8c9363d827a0362ebc1f49c60cc52ab
Malware Config
Extracted
| Family | agenttesla |
| Credentials | Protocol: smtp Host: mail.aquariuslogistics.com Port: 587 Username: ajay@aquariuslogistics.com Password: AQL@2019#$ |
Targets
Target
MD5
Filesize
FIRST PURCHASE ORDER.exe
dbbac19cfd01ab4e759500a13168a30b
714KB
Score
10/10
SHA1
SHA256
SHA512
71917c8765aaa6e2869cc1b949bfddf3580457c5
fe41fe0b302887f61f20473015f386ab57ddb4cc278b3e1639c07337012a58f4
caa08b928acff84a762f64c8c18c332db8f546d003085415560bdc265c3c90953d3e54da5e2031d188beca49e8c891966f8f8de66c8202928045acfd7d80d4ee
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks