agenttesla

General

Target

B98EA345C0AAE88DE6EF12837AA60F136AAEC0E009ACEDD6571DECF901F9764D
Size

655KB
Sample

230104-tmh8hagg58
MD5

52bc43f9a678f822a980add3c4619528
SHA1

8167b2c013b0d8a9b770fb928a5850f7743e9b50
SHA256

b98ea345c0aae88de6ef12837aa60f136aaec0e009acedd6571decf901f9764d
SHA512

38ef709a18165af8a31197aa29f4779cb67d187c7b7f1c2a888f9d57b6fa9f6c1da249efb6fe4b98f3ddf3b38c2174df78c3abf6185bebf58fc7c7fd9a0edd31
SSDEEP

12288:5Tc4GqMzuSK7rATm9ImEiNtL56endoRHtiFtjVSR33Zh8eAovAx:5T7hMzuSaXzLMendoFT3TAoIx

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
TLH2019.hnvigil

Targets

- Target
  
  pago 0595757.exe
- Size
  
  841KB
- MD5
  
  048878ab30820089d86cd9ca57fa06c1
- SHA1
  
  270920bc367d2fb15d79f5a9476e01d7ee6a6d55
- SHA256
  
  5ce64354375067242e9a9e747d13dca72855d6a7730954097d2c5a4bd002efbd
- SHA512
  
  8c9bee6614687eab28f91b8a8ff1fe560b6669ecd2d6c1df2c01f7e9e9c1fddac77d502499c81011779cee8b38aae5db62b1b7df04b4082a5d7d76af77b0a72b
- SSDEEP
  
  24576:nr18+L74mBfNUstzoE19AE7dOU3V3r8JN:nrF19AgdOU3VI
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2