agenttesla

General

Target

Invoice & Packing list.exe
Size

267KB
Sample

230306-q6ywhscf43
MD5

f8b5f953fff3d297c2019ab082e88ffd
SHA1

ebd517b6c7a6f3101f077cd217eec2c1f55c50d6
SHA256

407a3b446f6394fe028e808af4a5e57bcb9a3b351858290abeef7fa1213bd712
SHA512

5144121b2b7c1bab651c107aee7979f0185ac659f23db8a7e17c6df845997b2d3d6cd05142b0b32fb71f5555d1114e3c1c1da81756aa0852942821242a67882d
SSDEEP

6144:PYa6clxmqqQBkUuPjPUgDmMaXk+Jlgs/kDP/CinRm7liGXjANq:PYCPzqQB1u7PUgcXLMLjnoiijAQ

Score

10^/10

Malware Config

Targets

- Target
  
  Invoice & Packing list.exe
- Size
  
  267KB
- MD5
  
  f8b5f953fff3d297c2019ab082e88ffd
- SHA1
  
  ebd517b6c7a6f3101f077cd217eec2c1f55c50d6
- SHA256
  
  407a3b446f6394fe028e808af4a5e57bcb9a3b351858290abeef7fa1213bd712
- SHA512
  
  5144121b2b7c1bab651c107aee7979f0185ac659f23db8a7e17c6df845997b2d3d6cd05142b0b32fb71f5555d1114e3c1c1da81756aa0852942821242a67882d
- SSDEEP
  
  6144:PYa6clxmqqQBkUuPjPUgDmMaXk+Jlgs/kDP/CinRm7liGXjANq:PYCPzqQB1u7PUgcXLMLjnoiijAQ
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2