agenttesla

General

Target

30.03.2023_SWIFT MT 103_9078212345TRF.exe
Size

706KB
Sample

230330-kytzpsbh29
MD5

7f4bdf10b229dc6ac432937b3f786752
SHA1

09204b9e950f947240a37cdb0f2215b556398c3c
SHA256

07cbd8a3deb941e46404af8b1093168b4029ce8f36e4ec18844ede50268602e0
SHA512

0265568618d457c4eb226b76d81ec0e4c515a95cc5584476fd8d931a251e2607093698f9333bbe0548ee466e4daca6ad61b9a0383c907bc8b391921c555b4731
SSDEEP

12288:evf7CX984M74c9vU+q2Hl3ZaZgjMTwuWevgoMbmxSTvS/04lK0KimOMt+:e3l4M7r9cGH7qgokKvgD1YKimX

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.nutiribio.com
Port:
587
Username:
[email protected]
Password:
zGNVO(l5

Targets

- Target
  
  30.03.2023_SWIFT MT 103_9078212345TRF.exe
- Size
  
  706KB
- MD5
  
  7f4bdf10b229dc6ac432937b3f786752
- SHA1
  
  09204b9e950f947240a37cdb0f2215b556398c3c
- SHA256
  
  07cbd8a3deb941e46404af8b1093168b4029ce8f36e4ec18844ede50268602e0
- SHA512
  
  0265568618d457c4eb226b76d81ec0e4c515a95cc5584476fd8d931a251e2607093698f9333bbe0548ee466e4daca6ad61b9a0383c907bc8b391921c555b4731
- SSDEEP
  
  12288:evf7CX984M74c9vU+q2Hl3ZaZgjMTwuWevgoMbmxSTvS/04lK0KimOMt+:e3l4M7r9cGH7qgokKvgD1YKimX
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2