agenttesla

General

Target

3EI-QTN-2023-615.exe
Size

781KB
Sample

230616-e4yl7acg78
MD5

901a8b668a797004226658495f79f9c0
SHA1

04e2d3790fa8c0eee9193cc680c5ad6b63e0624e
SHA256

8c87e92f4606b57b1292de938a18cc24e181b521092b17800f8909eb9e135c13
SHA512

25777321b513f8e7704262d2a3f4b460b879024ed03559935352ff5590958d65b549de74a9b577d2b40c21ad1f39cd5b5dec798c2e13303a26b0cb31d3e16ffd
SSDEEP

12288:BN6fNa2iNx5LbzIu9+r932acXnI7UJ6eqoifRv1ZmOTKQL2X0E8da2bg4aQ:ga1j5LA9oI7UR9WZmOTKQL2X0pLgm

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mbarieservicesltd.com
Port:
587
Username:
[email protected]
Password:
*o9H+18Q4%;M
Email To:
[email protected]

Targets

- Target
  
  3EI-QTN-2023-615.exe
- Size
  
  781KB
- MD5
  
  901a8b668a797004226658495f79f9c0
- SHA1
  
  04e2d3790fa8c0eee9193cc680c5ad6b63e0624e
- SHA256
  
  8c87e92f4606b57b1292de938a18cc24e181b521092b17800f8909eb9e135c13
- SHA512
  
  25777321b513f8e7704262d2a3f4b460b879024ed03559935352ff5590958d65b549de74a9b577d2b40c21ad1f39cd5b5dec798c2e13303a26b0cb31d3e16ffd
- SSDEEP
  
  12288:BN6fNa2iNx5LbzIu9+r932acXnI7UJ6eqoifRv1ZmOTKQL2X0E8da2bg4aQ:ga1j5LA9oI7UR9WZmOTKQL2X0pLgm
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2