agenttesla

General

Target

DSG2011001_INV+PL.zip
Size

313KB
Sample

230208-qzrhvsbb92
MD5

d8166cc8424352c445ac8ad3842ac9f2
SHA1

13c74776d2d3362192c5afca0ea8882d4c9d6d41
SHA256

9152d157feb2720a061370f67e54e2e772a220e0f5128df607d05c6e709ee1d6
SHA512

3478a09be8c2896e1e244546bbc258b64ee380ee60ec9a5dced6cfbb56ab3de62a19eec52e8c136ee6af5ad388a009bed68db33b0d2729d28e145b7f496e9726
SSDEEP

6144:5St9KTcYebyHPY5usr/AlQuIECyoDZ2b/U6kQPSmwZ6iDyAWY608Koy1a5kno:EtYcYW8PYPAQuJ3os8fZTiY60StJ

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
focuzpartsmart.com
Port:
587
Username:
[email protected]
Password:
FpmJhn@2023
Email To:
[email protected]

Targets

- Target
  
  DSG2011001_INV+PL.exe
- Size
  
  327KB
- MD5
  
  0fba3624c37c7fdc6114da8953957cdd
- SHA1
  
  398be64a0d6a03c814f43585e31717517d055384
- SHA256
  
  9b5c3c9ea67248603ff93f97602bb0edcd66d702b00c3d08566528e3acdf073e
- SHA512
  
  bfa6937a618bcfc84a9321e5d801a4591785a4dd2be8ef68bd09d566b5a8812190212e000111373514afdb42820eca62bef414e99390effcf25bccb6a4a53dec
- SSDEEP
  
  6144:vYa6J/CbqebyHfYlusr/AlQWIE4yoDH2bhU6k+PSYwB6KDgAWY6U8Koybk5kp4:vYbNW8fYbAQWJFoqslBNcY6USBF
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2