Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
3b851cdb7318d975f510336e3fa77b0c367c45c57173d4f3406c9d1bc369096b
General
Target
Size
Sample
3b851cdb7318d975f510336e3fa77b0c367c45c57173d4f3406c9d1bc369096b
1MB
220521-xcyf8aegcp
Score
10 /10
MD5
SHA1
SHA256
SHA512
a06fc8cf22ec4fe7c1b51443bddba18f
476ce5fcb018b5df571832093f186c8e87f3fc4f
3b851cdb7318d975f510336e3fa77b0c367c45c57173d4f3406c9d1bc369096b
a21fbdb0da78ccdba33141b2cc989df98709d70745aabb8918b4f7e0db3f4f87faf841dbe2f761a70a3c6e9055b99913a91c4e66f5f41cd8eb7812ec1b8a529a
Malware Config
Extracted
| Family | agenttesla |
| Credentials | Protocol: smtp Host: mail.parshavayealborz.com Port: 587 Username: info@parshavayealborz.com Password: P@rshava123456 |
Targets
Target
MD5
Filesize
SOA.rar.exe
6e87a2e7ef62721a2aef357431076a7a
2MB
Score
10/10
SHA1
SHA256
SHA512
1cdf35c6ea661a2ef0461d7b8de441eb8dd802b1
5f409bddf5b4efe31ec833332774381385c1a31e3e2d8e5e3b2d2f934be0a5a7
a752bb0fb663a27d4034478f3b4b63e005ce5b95a3db699b7918a59583e25182b50eca769994008bf6fc00ad9819daa91f476384c12e5511f8716da668f221dc
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
ReZer0 packer
Description
Detects ReZer0, a packer with multiple versions used in various campaigns.
Tags
-
Disables Task Manager via registry modification
Tags
-
Drops file in Drivers directory
-
Drops startup file
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
AutoIT Executable
Description
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks