Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
fc1f9c1a144bdf50c6ed493af4c2ed0025ff9740c4eee0d7d6fd47d488574a42
General
Target
Size
Sample
fc1f9c1a144bdf50c6ed493af4c2ed0025ff9740c4eee0d7d6fd47d488574a42
513KB
220521-xjcs4afbbp
Score
10 /10
MD5
SHA1
SHA256
SHA512
0baaf92ea61a914cc5d3288022bfaa09
f59a41d0628a0da62ef500b76271e8653f2b1205
fc1f9c1a144bdf50c6ed493af4c2ed0025ff9740c4eee0d7d6fd47d488574a42
5512451c830cafcd646e883edd8690ff8d6a8636ac9361e4ba92471157ba67bda5a0d81833ca51b26dfd047d4afbaa5114290c53821e3e5cda866450b61dfa4e
Malware Config
Extracted
| Credentials |
Protocol: smtp Host: smtp.yandex.com Port: 587 Username: xyzax@yandex.com Password: 2019conCT@ |
Targets
Target
MD5
Filesize
Scanned Document for New Order.exe
25efd625b5087b05aa85145cbeeedd5d
551KB
Score
10/10
SHA1
SHA256
SHA512
bb7435eca866d8f457da396e9e8785826267e95f
c013bad7f656d8c4b7996af04a627c62b587946a8bf40fd12935664b4cb28c5e
7cff4fae2f6589ac237e061a024d14d416876a63dce13a4898717f17ca57d152d33c210e72fd44a47c597ef055094dd068f6ff9c4f609b86380837029b674c81
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses Microsoft Outlook profiles
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks