agenttesla

General

Target

3bd5dde45761f8ea8159da50737de3b57cb29fc21ffbf7496d57ffb9009fa07d
Size

355KB
Sample

230207-bcg9cagg56
MD5

e95980e4715a5954354a424d5bdd02c0
SHA1

e72c54b9635ff3704aaaba011838f5f63b22aa24
SHA256

3bd5dde45761f8ea8159da50737de3b57cb29fc21ffbf7496d57ffb9009fa07d
SHA512

76b14a6c5c2bf936980be636ad19e018eee4ce510e1463b81c5366c35b2ef31d9c9e3ebc29144530bfddad4fb0c929d1605983c4b20f114bcffa47b3652294c8
SSDEEP

6144:qSwXTsi2f806NfZByBLFJwDtIUUy0zRukgHrzR139Yo0ti:qjAi2k1lZBiLf2S5Ek0zsi

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.mgcpakistan.com/
Port:
21
Username:
[email protected]
Password:
boygirl123456

Targets

- Target
  
  3bd5dde45761f8ea8159da50737de3b57cb29fc21ffbf7496d57ffb9009fa07d
- Size
  
  355KB
- MD5
  
  e95980e4715a5954354a424d5bdd02c0
- SHA1
  
  e72c54b9635ff3704aaaba011838f5f63b22aa24
- SHA256
  
  3bd5dde45761f8ea8159da50737de3b57cb29fc21ffbf7496d57ffb9009fa07d
- SHA512
  
  76b14a6c5c2bf936980be636ad19e018eee4ce510e1463b81c5366c35b2ef31d9c9e3ebc29144530bfddad4fb0c929d1605983c4b20f114bcffa47b3652294c8
- SSDEEP
  
  6144:qSwXTsi2f806NfZByBLFJwDtIUUy0zRukgHrzR139Yo0ti:qjAi2k1lZBiLf2S5Ek0zsi
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2