agenttesla

General

Target

23a47b24034f0fd10cd3d88e87ddf16eb5f656d42f748aea79506e232fd162e4
Size

664KB
Sample

221130-nj1qgsfc33
MD5

f8857a64b973b12cdc68985961cb980a
SHA1

72791e9f39b2d4612f040577877b55d6434ea284
SHA256

23a47b24034f0fd10cd3d88e87ddf16eb5f656d42f748aea79506e232fd162e4
SHA512

00e370233330bf09f329106ad22f7dc6b19ef8214bfc859fcc00f10cc735fb524de1f5f7f713a2feb51de79c4cd695434abef2db5db2ae3702ab5985218871b5
SSDEEP

12288:T+qXxe/pcwNQZC7aBGPKDhFiVfYlpywfy9PSSCeR4uhO+X1Xgr2A:T+Wxe/aCQBtfiV9RSSzR4uY+X1O2A

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5380301623:AAEiiAoD9x5hD8Dpz7EhZFXpW2UQGzFYtzs/sendDocument

Targets

- Target
  
  daz94JmJvuHJjXT.exe
- Size
  
  801KB
- MD5
  
  3b88fad4833387097746731328746363
- SHA1
  
  4bde8f848ff800fa54b10f1bc785824e63a9d8b5
- SHA256
  
  8d75529a8c51cb0ba57f63afe69cfbb3af95c5087946ad4de20634c86a5abf3c
- SHA512
  
  8853883b67056bdbc3fa5fe7f286568887a3dbc8ca335d6234b65867c2dba35f9fa9d9685667ddd0ee98c0a4eeaeefbd2fc6eb51c27700fec721ce3b12198f54
- SSDEEP
  
  12288:E0e/vMu/hc9qmxrR08P+vMhpfCzF4Isk5xoGXBD57SqaxP+bgnEt5dD0MUH:i/hclxrRx+vYfCzaMZz7SZxPO+43u
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2