Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
63b7eef7d3ee93a921ba7c846d2051d74c42d86dc50b92a339353984b0554a18
General
Target
Size
Sample
63b7eef7d3ee93a921ba7c846d2051d74c42d86dc50b92a339353984b0554a18
453KB
220521-pwwsqsbchk
Score
10 /10
MD5
SHA1
SHA256
SHA512
729f4af4bf6ca02c94c625a735d4c084
f3f982b714c3e51eed05775ff47378ae59de5d9a
63b7eef7d3ee93a921ba7c846d2051d74c42d86dc50b92a339353984b0554a18
fd409251ba4c49780cddec230904566ae68943bb7016c5cc60afe166f88c548fa1ed2c9193512461a2249a6b08a62c97bbff909a6540d3c3bc7cf58246944d85
Malware Config
Extracted
| Family | agenttesla |
| Credentials | Protocol: smtp Host: smtp.moorefundz.com Port: 587 Username: evra@moorefundz.com Password: g7g2Ig?Aeh_+ |
Targets
Target
MD5
Filesize
6月份副料請款明細 高士丰 - TAIEASY.exe
81a9fd9492afb0f0d7bea535b1ef201a
487KB
Score
10/10
SHA1
SHA256
SHA512
daae7e3c956973ef70278f3bec0f962df847e853
4e9e93f2212fe68f3a0ffe0a1eb732413efd85cc3e94d6d62ebc9558dd8b957c
c1095cb393d4b877629029676839c47dffc64aece9b9c09cea5228a9f2e2b19337008b3b0045eb7102def563c71b7681c3420d73e4ae62666f7d2f41d0dbf2fa
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks