agenttesla

General

Target

c2ff9f433b86048529020cb22f7bea9e.bin
Size

1004KB
Sample

230504-cchesabe6v
MD5

b8a4eb390178430520d20f95fab8bf81
SHA1

d2eeef5f6604d145086c681e32dc5efa098d45f4
SHA256

59252b6a903a3601674663f41a8826b612d7bd6812c93151e7c1149e7232d046
SHA512

76e07ffa0ebc429d78f1537b685ceffd024d09db2b7beb47e173756ec67abccf8eaa685647af37dc4ae379369ab214059daef4f86a588fe004a9f37f1c7a08ea
SSDEEP

24576:g7Svl5jJE06/NMp+2iGshZu0gRdy5PFdB/ckai9YfIqV+x10XiRK3d:g78l5VSFMWGs7u0gwHowwiRu

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.expertsconsultgh.co
Port:
587
Username:
[email protected]
Password:
Oppong.2012
Email To:
[email protected]

Targets

- Target
  
  Purchase Order.exe
- Size
  
  580KB
- MD5
  
  ffb5ff978b543216e4b1317f7d9f97ef
- SHA1
  
  a220878a48495fd5b4addcbd6553ca782a403277
- SHA256
  
  b58e0980d53aa7891015a450f575a33f08a67c9b5f36674c2684d15ea78194aa
- SHA512
  
  0a4ad7253c94039187aa4fc805f963b4e2ebeabc8d13f84755bcacd23844be78cc6f0eda609bb09fadbb5ed64dbf16686d06bef1aa253951c6c5e3c12028ee77
- SSDEEP
  
  12288:gVdoVVzEig/V8YBCTGReneNbQjJ+mgeoQscaCqNBv:ooVdO/VaG0ObQt+miQs3H
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Purchase Order.exe
- Size
  
  580KB
- MD5
  
  ffb5ff978b543216e4b1317f7d9f97ef
- SHA1
  
  a220878a48495fd5b4addcbd6553ca782a403277
- SHA256
  
  b58e0980d53aa7891015a450f575a33f08a67c9b5f36674c2684d15ea78194aa
- SHA512
  
  0a4ad7253c94039187aa4fc805f963b4e2ebeabc8d13f84755bcacd23844be78cc6f0eda609bb09fadbb5ed64dbf16686d06bef1aa253951c6c5e3c12028ee77
- SSDEEP
  
  12288:gVdoVVzEig/V8YBCTGReneNbQjJ+mgeoQscaCqNBv:ooVdO/VaG0ObQt+miQs3H
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4