agenttesla

General

Target

648380c95e6e92c66b364357f81403d7
Size

807KB
Sample

221208-bhm2sabf5t
MD5

648380c95e6e92c66b364357f81403d7
SHA1

c22c5b9dc3be85ca144aad06979664c7a2a0dbb7
SHA256

54162b2492854a0e858585f2a024c3ef7d7d160b91e21d7ec922d4a751ae0c5d
SHA512

468637f660636a670c80c530f3220b3fc93643c9978053eabf0d041fa470d4957d99781b26755de7621e90ddc374ef97f6ad8e78dd8a8debeb013841f6c08a0d
SSDEEP

12288:Y6Dsz+aDCkVDjJpVBzbLuhd9g48J6Z9Fh/RbRrFrYIxm9jeBWvsmbifcPvT+:YE2VDjJdzPuhd9ao/bJYIYjeIzOfc3C

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.chabiant.az
Port:
587
Username:
order@chabiant.az
Password:
OOrder123456!!!

Targets

- Target
  
  648380c95e6e92c66b364357f81403d7
- Size
  
  807KB
- MD5
  
  648380c95e6e92c66b364357f81403d7
- SHA1
  
  c22c5b9dc3be85ca144aad06979664c7a2a0dbb7
- SHA256
  
  54162b2492854a0e858585f2a024c3ef7d7d160b91e21d7ec922d4a751ae0c5d
- SHA512
  
  468637f660636a670c80c530f3220b3fc93643c9978053eabf0d041fa470d4957d99781b26755de7621e90ddc374ef97f6ad8e78dd8a8debeb013841f6c08a0d
- SSDEEP
  
  12288:Y6Dsz+aDCkVDjJpVBzbLuhd9g48J6Z9Fh/RbRrFrYIxm9jeBWvsmbifcPvT+:YE2VDjJdzPuhd9ao/bJYIYjeIzOfc3C
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2