agenttesla

General

Target

SecuriteInfo.com.Trojan.Olock.1.25787.19478
Size

628KB
Sample

220725-d4a1fsdbcq
MD5

648001a85b52b76357700adc26c026a5
SHA1

ea6c087ad34687241fd61292636d8deb95ce8e0f
SHA256

64078097de1ac1a9837f2315e1e5cb638a2cc12c538bb56e515376375613d15c
SHA512

eda310d7dc80abae8943d3209d82e675789980900c38e5d6ad813a4df4c7ec2014ed5f781a77e176b9961b57d66edee3e1c67ee80ab25f0ff6b8683952691be1

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.albatrosplus.rs
Port:
587
Username:
radmila.milinkovic@albatrosplus.rs
Password:
rasarada11

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.albatrosplus.rs
Port:
587
Username:
radmila.milinkovic@albatrosplus.rs
Password:
rasarada11
Email To:
auto.glass.metal@dr.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.Olock.1.25787.19478
- Size
  
  628KB
- MD5
  
  648001a85b52b76357700adc26c026a5
- SHA1
  
  ea6c087ad34687241fd61292636d8deb95ce8e0f
- SHA256
  
  64078097de1ac1a9837f2315e1e5cb638a2cc12c538bb56e515376375613d15c
- SHA512
  
  eda310d7dc80abae8943d3209d82e675789980900c38e5d6ad813a4df4c7ec2014ed5f781a77e176b9961b57d66edee3e1c67ee80ab25f0ff6b8683952691be1
Score

10^/10

agenttesla collection keylogger spyware stealer suricata trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
  suricata: ET MALWARE AgentTesla Exfil Via SMTP
  suricata
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

suricata: ET MALWARE AgentTesla Exfil Via SMTP

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2