Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4
General
Target
Size
Sample
3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4
1MB
220521-pxzk1sbdek
Score
10 /10
MD5
SHA1
SHA256
SHA512
cdea2db65aae814621336d740aa92924
c6714c72354633c08595eddb6f010c1035f825bf
3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4
0cacfdd12126c9dee62bcdcadea631fb4b299831f86648e84a9a940b788481dfdc2d28da4e6a8ebdfe5d6168906ad786bea6aa06e46614ca9c9aa4f66bd71676
Malware Config
Extracted
| Family | agenttesla |
| Credentials | Protocol: smtp Host: smtp.yandex.ru Port: 587 Username: miss.vostrickova2016@yandex.ru Password: 3232908 |
Extracted
| Credentials |
Protocol: smtp Host: smtp.yandex.ru Port: 587 Username: miss.vostrickova2016@yandex.ru Password: 3232908 |
Targets
Target
MD5
Filesize
scan08312020.pdf .......exe
f13581b27fd5fc2225e0f62fae689970
1MB
Score
10/10
SHA1
SHA256
SHA512
45739ac5a6a20d63b281e20a088214e3589020d5
92bb0317bc220657af5e88c2382bb04150052319693a2ed90616bf65ff44467a
9029fd8335f393ccd69b75871c61672d23af7a9f8fb77a14c68b00842d1a4822d2a7c3f9495026fac55a432f08b1c1b826f7a2145ad662aa1c1f7000b7ce98ea
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks