agenttesla

General

Target

854CC0F842D4859CBCA2E39C979BF3FEC8A6D5E051B5A53C86286F8E8FD85A67
Size

700KB
Sample

230314-rt355shh3w
MD5

1b6f9268188aad2cc59e677516a3f277
SHA1

8b48baba5904d58f2e973f7fe7a434776d1d6ba2
SHA256

854cc0f842d4859cbca2e39c979bf3fec8a6d5e051b5a53c86286f8e8fd85a67
SHA512

dfbb5cbdaec1b1ef233953efc21c62212c4986e368dd4901abd1118d03b634ce48a0682f1db5f40cd3dec345c2a812fe47960ca34dadb285368222a7ddc843c5
SSDEEP

12288:w6HB1LACXPRJtAttAA/dIDgASY+40UZwX/2E/ZABekcCIdENd0HpwCTqbDoZP8jt:ZH7ACXJJW5AgASY2UZs2E/yBnlIdsdgS

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
beracas.com
Port:
587
Username:
[email protected]
Password:
W4})=!Y3iN3r
Email To:
[email protected]

Targets

- Target
  
  orden-PO-23-016124.pdf.exe
- Size
  
  1.1MB
- MD5
  
  24d8621ee7b70a6a24925601483e87b3
- SHA1
  
  23a301dc6e66cc130e0058b5f4750764b534099c
- SHA256
  
  1ffecb8a3412fd17b26039c365fb064e79b95f63bf90d91960d6899d9d433c5e
- SHA512
  
  1ef22babb12b993ae34c9ed113ac8f5a844757aa4b6e44628566bc6f0aef622f75392f3953455a813afa209673e07dd66317f594005f9d18ece538d2456dc5a2
- SSDEEP
  
  24576:8lzK0pQ0s5DxINyRbk5MNyN3LALuhdugI8dnjMFct2j:85ZpQP2NyRbk5130qdug7djC
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2