agenttesla

General

Target

Consignment Notification-� 6183111.zip
Size

295KB
Sample

230424-hr3l6aca4x
MD5

8b760595c24ff8aceb610577411a8b81
SHA1

772f87606564a2f349e5efec8e44407cb88b560a
SHA256

052c8baec64bdb69962457500cb577de207c92903896237b75d46de84779f3ed
SHA512

1effc485cc6228ec256b4170beb6e2f232380748cb6970dafabd362827de8da8eb839cd94fd2d2e292ed79bf4478ba247fedbc9d53ecd01764748a208e666370
SSDEEP

6144:BYunZvJMcUEqfcd/dEu3wylA4IddSDh3/qHTeriBvjoIHGPar+y:BxZxza2U4SSV/qHTeripjnGyv

Score

10^/10

Malware Config

Targets

- Target
  
  Consignment Notification- 6183111.exe
- Size
  
  309KB
- MD5
  
  3bbcf22f8cdda7ffe88e218e93640225
- SHA1
  
  5faa9c42495a16dc9f431b2ea133b3db3b278b8a
- SHA256
  
  177bd7025804e5d3e84f7c864cd0049493297382a476d769c8979d4f3b56fc28
- SHA512
  
  d929809655006f91f91a058f54b5d624bbe235462928b79c2277adca8422bfe91247c4451055b61655ca39584b761490751024c72ddb537095e1600e4c7730b9
- SSDEEP
  
  6144:vYa6cwmkIYQMcUEqfcdZdEu3wylA4IfdSth3/qHTWriB/joI1GParhR:vYCSIYQzaOU4GSz/qHTWri1jVGy3
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2