agenttesla

General

Target

REquest For Quotations62382352934027945.exe
Size

1.1MB
Sample

230309-rpxgssbg2s
MD5

9850d0bb9b12f8fd2c5a8d36505d8344
SHA1

33bdb4d051a197cb8eaeff5eb7b3dd0c0b054f25
SHA256

7d0df4a5c66045f3a5291234e99960dee0bf9acbafcd25312084e39ff33f8024
SHA512

896e798b2fa116ed042d3d241d1f780c6d85d22317862594ca714007bff110bd8f96d84f749f4e790ca08c180157603de3af4f25955227e48f5de901a72b0dc3
SSDEEP

24576:LuOZ6wGkB+e9uf8mSYOT7QRoF+NxZhuKFZ65B:uDOTD8xZ3FZ65B

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
HNnNLPY3
Email To:
[email protected]

Targets

- Target
  
  REquest For Quotations62382352934027945.exe
- Size
  
  1.1MB
- MD5
  
  9850d0bb9b12f8fd2c5a8d36505d8344
- SHA1
  
  33bdb4d051a197cb8eaeff5eb7b3dd0c0b054f25
- SHA256
  
  7d0df4a5c66045f3a5291234e99960dee0bf9acbafcd25312084e39ff33f8024
- SHA512
  
  896e798b2fa116ed042d3d241d1f780c6d85d22317862594ca714007bff110bd8f96d84f749f4e790ca08c180157603de3af4f25955227e48f5de901a72b0dc3
- SSDEEP
  
  24576:LuOZ6wGkB+e9uf8mSYOT7QRoF+NxZhuKFZ65B:uDOTD8xZ3FZ65B
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2