2684031accd6c43abe67d62f1901374970f18999c51c7fd19d0d047ea7232fb8

Target

Size

366KB

Sample

220521-xmjqtacag5

Score

10 ^/10

MD5

43ac4837ede606f770bdc08667d5ed13

SHA1

526bfef123357bba6ba8b347bf7f82ce294954e4

SHA256

2684031accd6c43abe67d62f1901374970f18999c51c7fd19d0d047ea7232fb8

SHA512

e3fdcca4f025d770d4fc95b76f6b19b358b70a51a9f5eb93c25dece3738d1357e0bea7a81693020f964fe5ee444978ddf278a02764738202058980065171e512

Extracted

Family	agenttesla
Credentials	Protocol: smtp Host: smtp.yandex.ru Port: 587 Username: jaffinmark@yandex.ru Password: @jaffinmarknma@344

Extracted

Credentials

Protocol: smtp

Host: smtp.yandex.ru

Port: 587

Username: jaffinmark@yandex.ru

Password: @jaffinmarknma@344

Target

RFQ140820.exe

MD5

09013774aa4a7b0a4394f394a0f2fb42

Filesize

411KB

Score

10^/10

SHA1

9cd0e4e63f41ffedb73cb26b73dea0ea661fd216

SHA256

6011714f77a9cfdf682b04df3490a0ca227d9a64074946304b8ccd0c83e6264e

SHA512

f5676ee01bc1aeaf3877202dddcbbfe68921ef2363f4b70f907b05ba3921e519c50f0cb780ae52245894079b49b134f42c2352c2170a3c1f31842e9da7451d56

Signatures

AgentTesla
Description

Agent Tesla is a remote access tool (RAT) written in visual basic.
Tags

keylogger trojan stealer spyware agenttesla
AgentTesla Payload
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Reads data files stored by FTP clients
Description

Tries to access configuration files associated with programs like FileZilla.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of local email clients
Description

Email clients store some user data on disk where infostealers will often target it.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

behavioral1

agenttesla collection keylogger spyware stealer trojan

10^/10

behavioral2

agenttesla collection keylogger spyware stealer trojan

10^/10

Extracted

Extracted

Tags

Signatures

AgentTesla

Description

Tags

AgentTesla Payload

Checks computer location settings

Description

TTPs

Reads data files stored by FTP clients

Description

Tags

TTPs

Reads user/profile data of local email clients

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses Microsoft Outlook profiles

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2