agenttesla

General

Target

FACTURA 009-546#.r09
Size

820KB
Sample

221027-y417vsdcf8
MD5

cdaf40e7e2db27b1a3788248e40113dd
SHA1

59cc3578c43432b92c5dfbab748bc4d43f2162ee
SHA256

6afbc1781812f1b035bf50dc3a9fa694f84bd36e4fbebcac4951003bab35b2a7
SHA512

3ed01da04ac5dcaabd8a37f3d1c6acffa5aef731761f4a2140c37deadf3675d0d465667ead62efe1912166b0e59f45f7fe5f8713a3b5d60d70fd60355debe595
SSDEEP

24576:iBUpQvbszjw3UPLqY454m7vyeaNvPJFbPZcJ8hqwEXk:iBUivbszc3FP5L7+FrbRcPwik

Score

10^/10

Malware Config

Targets

- Target
  
  FACTURA 009-546#.r09
- Size
  
  820KB
- MD5
  
  cdaf40e7e2db27b1a3788248e40113dd
- SHA1
  
  59cc3578c43432b92c5dfbab748bc4d43f2162ee
- SHA256
  
  6afbc1781812f1b035bf50dc3a9fa694f84bd36e4fbebcac4951003bab35b2a7
- SHA512
  
  3ed01da04ac5dcaabd8a37f3d1c6acffa5aef731761f4a2140c37deadf3675d0d465667ead62efe1912166b0e59f45f7fe5f8713a3b5d60d70fd60355debe595
- SSDEEP
  
  24576:iBUpQvbszjw3UPLqY454m7vyeaNvPJFbPZcJ8hqwEXk:iBUivbszc3FP5L7+FrbRcPwik
Score

3^/10
behavioral1 behavioral2
- Target
  
  FACTURA 009-546#.exe
- Size
  
  901KB
- MD5
  
  acf72005feb7b290e54883318894d0c4
- SHA1
  
  773c4131bb80d19e3be7d7d10bc27263a25554e4
- SHA256
  
  b52eb07ea0f121ccccbc569c99bbecb121a212635ab21d7af7250a7fbb33e704
- SHA512
  
  ab2dbcb9c5a0e26a9a6ab65f6bf4bad366b91cab25460dab8bcd52814d07828ceaa98d7d47ddb6b94de1ecdec59025dc8013fc7703222dc6f578f2af45f55d5d
- SSDEEP
  
  12288:8Yh702iNpj3WqoL98eSZkaJtQqg5UDBXORb0mY9q4ehEK89fIDBE8ee2iODuxRp:O133WqoTiJm3COKmZ7J89fp8yI
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4