agenttesla

General

Target

LfhxrETRRGxerZerexgfCtex.exe
Size

274KB
Sample

230418-1abffsed89
MD5

637e3496384188cc88c9de07f82dacce
SHA1

5a546bec7bb3daaa1806bf69a1a0191db079bb5e
SHA256

60c9b621b11318526760b148c7abb264f6b1be5202d5fe9e5833aa744c4cc401
SHA512

7730fe6dd6e38314e54e72483aec3dd31869414b7fd63f9a742a8b523020747d6b93c1a3c74d09b4cb66aed6694a1c312aefae5a9c5aef9c453c8e0ab5502371
SSDEEP

6144:RXq2Wvc82rFAolO2har7mvDVN0WaIBDy0O12udoEUA:aUTRjZJa2DwldE

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pushkinworld.us
Port:
587
Username:
[email protected]
Password:
Wsxokn@123
Email To:
[email protected]

Targets

- Target
  
  LfhxrETRRGxerZerexgfCtex.exe
- Size
  
  274KB
- MD5
  
  637e3496384188cc88c9de07f82dacce
- SHA1
  
  5a546bec7bb3daaa1806bf69a1a0191db079bb5e
- SHA256
  
  60c9b621b11318526760b148c7abb264f6b1be5202d5fe9e5833aa744c4cc401
- SHA512
  
  7730fe6dd6e38314e54e72483aec3dd31869414b7fd63f9a742a8b523020747d6b93c1a3c74d09b4cb66aed6694a1c312aefae5a9c5aef9c453c8e0ab5502371
- SSDEEP
  
  6144:RXq2Wvc82rFAolO2har7mvDVN0WaIBDy0O12udoEUA:aUTRjZJa2DwldE
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2