agenttesla

General

Target

202312056738819991.cab
Size

543KB
Sample

230512-rlgl6sfe9s
MD5

020f986ac3ab78eaaf96c5c3cd1ffe9a
SHA1

e6868b55afbc3279ae4cd81ae9a9528ac2063b99
SHA256

ab3a14156bf77a335fa00fddeeb80393948d4ddf79c3b69567cedb1446d2d47b
SHA512

c8b0e2a5c2536ed083a6017e4426c8e0c1780214f0cf0c5f0abb89da747bac3a044bb793bfdec01b0a7b55ed65a3f67f53afdb6d66e2fe581363aeea518045dd
SSDEEP

12288:w2UNUXykWdQhHaO9U/5xq0OtpCnXu5AIHh1ffZbvIldVSzjWXWbB:w2UKXykWdQhj9UBH+5IldVUjX

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5798024834:AAGLHTcPdLDij7ehMoasiBZDz8oodefEy0E/

Targets

- Target
  
  COCAzzeZ6x9Wl4s.exe
- Size
  
  618KB
- MD5
  
  68b5135a9c650f960d63ba7a72171cef
- SHA1
  
  4d6df7a7614241a16da91a7adfaf9b221fd1d459
- SHA256
  
  4dd61508d7da8e65625587543e0ee0ec49e848a45999ee148c9ca1a6bd1a419f
- SHA512
  
  e2cffbf699b6d795a9c1e2612b21efa95c32f8b0dde2f0078e5edbe145eee187b169e572c0dc5d395772bf7fbcfc4c73be89ad77444f5c70fa33cbcef27f063a
- SSDEEP
  
  12288:+c8whh2Y4YxPdQhX7Fw9HvubAIQh1lfzbvEldV99NCeDwTAVO:78whh2gPdQhXZAm0EldV99nwT9
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2