agenttesla

General

Target

ca8fa28e5c22ef181ad92a37942b3afe6016700b
Size

844KB
Sample

230203-x3zrzadg2z
MD5

30e993cc05c9c2c17e1daebd3f0e3578
SHA1

ca8fa28e5c22ef181ad92a37942b3afe6016700b
SHA256

d55ed6edc1d88b77349bc30c36e8796e0fd1495f36b565c9300dff667860ce44
SHA512

ba10ff8ec012b913b5680170304c386f8904069d67b13efe4d28a0ef9c55c9c12a0be1fd2714c26b3f6fe639bf4ac8663bdb44c7bd508572af67743766a78aab
SSDEEP

24576:T1dH+AdHALvnP+/J8H49P6F0xMpqG4yPa:TPHrdHCP+/Ji4cWiq

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.btlntcrnet.com
Port:
587
Username:
[email protected]
Password:
Gosky080$

Targets

- Target
  
  ca8fa28e5c22ef181ad92a37942b3afe6016700b
- Size
  
  844KB
- MD5
  
  30e993cc05c9c2c17e1daebd3f0e3578
- SHA1
  
  ca8fa28e5c22ef181ad92a37942b3afe6016700b
- SHA256
  
  d55ed6edc1d88b77349bc30c36e8796e0fd1495f36b565c9300dff667860ce44
- SHA512
  
  ba10ff8ec012b913b5680170304c386f8904069d67b13efe4d28a0ef9c55c9c12a0be1fd2714c26b3f6fe639bf4ac8663bdb44c7bd508572af67743766a78aab
- SSDEEP
  
  24576:T1dH+AdHALvnP+/J8H49P6F0xMpqG4yPa:TPHrdHCP+/Ji4cWiq
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2