agenttesla

General

Target

PURCHASE ORDER.zip
Size

381KB
Sample

230216-p3gmdshb8t
MD5

2cef92fcd50d57952eddda55222bc29f
SHA1

a7b89834422a13030cf76e341a35ef33075ebbf5
SHA256

6991faf79c628d50dbd139f281c43bab222ac7e95294a9875b96eb7fcdacaa1a
SHA512

c2e255b2fb561663aacbfa02907c5806e1d9c01bc2f6ea7ae42b250d40acd495de00ef1e35211416e3b19870ea5f86f39ef50b6d32fc8e39132bab93f111d0e7
SSDEEP

6144:ISt9N9UEWE3oo8/VPNIaMUCpWqTpBG2gRyn3Kyqia5q0a0p6+y/UTtC/MOZ8b:htqEW4obVFnM1K2gon3gi0q0vp6+rTI+

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
focuzpartsmart.com
Port:
587
Username:
[email protected]
Password:
FpmJhn@2023
Email To:
[email protected]

Targets

- Target
  
  PURCHASE ORDER.exe
- Size
  
  396KB
- MD5
  
  cfc2c744cf64184b7b3881e2e890fee1
- SHA1
  
  3d5e24bdea151776947c6332f6352d8243c01c84
- SHA256
  
  0271087f4a8d83387ba502d987722d40d40dc8109972a3e4e199ca122648e8a9
- SHA512
  
  43e37e6fa0395949fc8338a66d0577af053e797a8cae3545e475dfd65ec4335266698f079cb6c44051497d1007baeafecc24e87a08a8cb9c5d243cb1a13bc2aa
- SSDEEP
  
  12288:vYJUlEa40pVf94PmGgor3Cimq0Ff6+TT4m4jD:vYJzaVfqg4mfRPTEmC
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2