agenttesla

General

Target

SecuriteInfo.com.Trojan-Spy.Keylogger.Snake.23251.26612.exe
Size

679KB
Sample

230328-cx1f4age79
MD5

673e2ecfd22ac29bdd80c0f6174a7d21
SHA1

d1b0b95fed88562bca215e04799f426ae63fb157
SHA256

120623ba7db0aff809f92ba166a384206c2fa77586f294545d2ba3ca4fe497b5
SHA512

c1e2dedceeea00a4d7dc0f711ff9c6f22142593f7202955c9b18d587c32cf6dbbd63fcb702855bfd7584148708902eaa59ebc243932b5d80cc3a665044faa41a
SSDEEP

12288:cte96xHFU0teCyfeYUCDLk27xn8Ru14eVEJ3L41HcNSB:Ee9AdeCULn+uChg

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
origin5mtp@yandex.com
Password:
exsdqceuklyvsavo
Email To:
origin5mtp@yandex.com

Targets

- Target
  
  SecuriteInfo.com.Trojan-Spy.Keylogger.Snake.23251.26612.exe
- Size
  
  679KB
- MD5
  
  673e2ecfd22ac29bdd80c0f6174a7d21
- SHA1
  
  d1b0b95fed88562bca215e04799f426ae63fb157
- SHA256
  
  120623ba7db0aff809f92ba166a384206c2fa77586f294545d2ba3ca4fe497b5
- SHA512
  
  c1e2dedceeea00a4d7dc0f711ff9c6f22142593f7202955c9b18d587c32cf6dbbd63fcb702855bfd7584148708902eaa59ebc243932b5d80cc3a665044faa41a
- SSDEEP
  
  12288:cte96xHFU0teCyfeYUCDLk27xn8Ru14eVEJ3L41HcNSB:Ee9AdeCULn+uChg
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2