Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
019c37268b08ec8bdf64efc52f889ef1cc2e39d7fd45aa69fd2d22cb27e6b581
General
Target
Size
Sample
019c37268b08ec8bdf64efc52f889ef1cc2e39d7fd45aa69fd2d22cb27e6b581
615KB
220521-xls8vscad3
Score
10 /10
MD5
SHA1
SHA256
SHA512
111e194d223926906ecea780f5a7a7f5
bfc289366c5824f2d9cced4d6edf88cacdb77797
019c37268b08ec8bdf64efc52f889ef1cc2e39d7fd45aa69fd2d22cb27e6b581
fcf7f0a6ba29e3e488363e3379a7d72ee0b95b185b47c2d509c7384dc671d683cbc0d50de4f205b3a8fa3148cc7b9cb0b941d28b2cc3496e0673f41a54fc1657
Malware Config
Extracted
| Family | agenttesla |
| Credentials | Protocol: smtp Host: smtp.yandex.com Port: 587 Username: chuk5anderson@yandex.ru Password: chukwudi123 |
Extracted
| Credentials |
Protocol: smtp Host: smtp.yandex.com Port: 587 Username: chuk5anderson@yandex.ru Password: chukwudi123 |
Targets
Target
MD5
Filesize
ARG 101.56-0.06 gauge.exe
30545d17881d0c3067ebc371dffa0730
825KB
Score
10/10
SHA1
SHA256
SHA512
d9a148bf49b3cef4c5c5ee583b4973036c86c27e
777e4e952b36fb4fc429e8338b14e09de7c0e076ab7aebe944e212c8087cfe39
69fefe7cdee34cc54d81e9b7214c6027666889130226388e4a9de8ac88f192f86a6e92e4eb401b25c5d001cd6625f2aa194bae92dd4a2d884c0a4332671d2833
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks