agenttesla

General

Target

f1c0ce5d37364862798e7e11817f3544d72847e1bffd46723f51df8504796afd
Size

319KB
Sample

230206-red8gaec24
MD5

0494a68d7135560a50c02f4c4b6ad18f
SHA1

84338aa1637299d93358f0e1d842932358d07093
SHA256

f1c0ce5d37364862798e7e11817f3544d72847e1bffd46723f51df8504796afd
SHA512

f5b5af135ee9b69a9e9ec740cd8d2cdac082b8dcc0a7cb81168076f849632c7423c845e998dd7c77b164bba2f08fadd434adae280aa8717f19baac359c7601bd
SSDEEP

6144:vYa6nfiMr0Cxya0QuwyhA0AUZOE7Zj50ZUonaM4O2im59x+skSCR0/rEOh:vY9FyavQA4wE7Zj5dyaM4O2im59L/CRY

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1060497255888605185/YygDHRiwYqCp3BheuMa5Zliz-2yRI2G-aeR8nFUp8XCSIhCp4S0uU66B1TLkMA0rIykw

Targets

- Target
  
  f1c0ce5d37364862798e7e11817f3544d72847e1bffd46723f51df8504796afd
- Size
  
  319KB
- MD5
  
  0494a68d7135560a50c02f4c4b6ad18f
- SHA1
  
  84338aa1637299d93358f0e1d842932358d07093
- SHA256
  
  f1c0ce5d37364862798e7e11817f3544d72847e1bffd46723f51df8504796afd
- SHA512
  
  f5b5af135ee9b69a9e9ec740cd8d2cdac082b8dcc0a7cb81168076f849632c7423c845e998dd7c77b164bba2f08fadd434adae280aa8717f19baac359c7601bd
- SSDEEP
  
  6144:vYa6nfiMr0Cxya0QuwyhA0AUZOE7Zj50ZUonaM4O2im59x+skSCR0/rEOh:vY9FyavQA4wE7Zj5dyaM4O2im59L/CRY
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2