agenttesla

General

Target

0e643a127fdcae3f0ada30f6448e0db52e1220b591da686d5b6895e5a26c1efa
Size

637KB
Sample

220521-xfajkabeh5
MD5

6146ab2e2854342da1d82704c5821515
SHA1

7d379cebe5cab6a8a8a8a78f8b2891c5726645bf
SHA256

0e643a127fdcae3f0ada30f6448e0db52e1220b591da686d5b6895e5a26c1efa
SHA512

0f359320973ce053e36ccb2871d4b75ab5fbbed025a69233215c3c40a10cd3a6a5343c81edabf7ee220b1135288ff7e208e5deda70cf118a6b98ec19e931c637

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.cka.com.sg
Port:
587
Username:
agnes@cka.com.sg
Password:
agnescka82

Extracted

Credentials

Protocol: smtp
Host:
mail.cka.com.sg
Port:
587
Username:
agnes@cka.com.sg
Password:
agnescka82

Targets

- Target
  
  NEW PO.exe
- Size
  
  552KB
- MD5
  
  a6da76fa51f029d56650a892efc0f353
- SHA1
  
  1e23cde32f44ea7e2eb4a23248a8c7d40b595e2c
- SHA256
  
  80f41a09d12356205262bb77b16daeaf2a284a89fd737b042149a4207f16c702
- SHA512
  
  a1b4d0ca8066f83453004eac7e73baf94575d4af45f2a00c1fe42bff70a8375105a685efecad2c52604ecf3b5e9300650588fdaf9cb1330e00ba00795b5832b9
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  PO.xlsx
- Size
  
  14KB
- MD5
  
  afb6307bf393aff2ba6e8b8c0199ff89
- SHA1
  
  51868fcf5f7c73937fd075fe25ffc191ac41c6c9
- SHA256
  
  4c81af66f036af9fdc5a53acc90b91d5e0a369978e5d186847bce31b52dc7484
- SHA512
  
  49c6ed8128b2f04177960477eb4995ebee8fa59537da1f94b599e16a4b3f6faf30a44bb63bdc51dbba99dcaa9632066e5d2af81321efbbde5de774be66e5c80d
Score

1^/10
behavioral3 behavioral4
- Target
  
  Quote for 20FT Tank Containers CYPRUSx.pdf
- Size
  
  113KB
- MD5
  
  194071ad3eccf329f3cd8aed324767df
- SHA1
  
  333416d0c58eed30b7c4cdfbd13dd76ebf5149c9
- SHA256
  
  3fed114564e25d121f53f45426c0c4b17449229194e3fe7b411640250389963e
- SHA512
  
  7e6445534679226a07875d83872a7a9ba598242c0c16b3a22f7b3c68b1f1980f5b325da9ffb4b2568edfb610ac2ec496fda8a6a9ee23317cf5bff88eb34cc571
Score

1^/10
behavioral5 behavioral6