agenttesla

General

Target

dhlinvoicesexe.exe
Size

497KB
Sample

230710-xqzlfaec3w
MD5

458db1b1ab52d61dd2fb2497cc70ac59
SHA1

c47f36e2fc3e4843b593808eb64af71e4342f1dc
SHA256

bbe92250148bf9b32bec53cf78cabf792b87e8392d0dd4f2f1807ef11768f5aa
SHA512

3c0146350168f3e1c9758e2db61095468ff5e8dd6359a67f9a8a72d76d90b608d4f2768c0c218c8c0e427e9e76604a4cb432503b980fd836a3d15bf28be4dc0a
SSDEEP

12288:Si8hveShnhb/xayCkctVOh3dPs0+zmXyBR0h:n2veihVpceNk/zmi0

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6355250629:AAHAr7gX1mSxf1IMAp3x15W3qEDdDLxixsA/

Targets

- Target
  
  dhlinvoicesexe.exe
- Size
  
  497KB
- MD5
  
  458db1b1ab52d61dd2fb2497cc70ac59
- SHA1
  
  c47f36e2fc3e4843b593808eb64af71e4342f1dc
- SHA256
  
  bbe92250148bf9b32bec53cf78cabf792b87e8392d0dd4f2f1807ef11768f5aa
- SHA512
  
  3c0146350168f3e1c9758e2db61095468ff5e8dd6359a67f9a8a72d76d90b608d4f2768c0c218c8c0e427e9e76604a4cb432503b980fd836a3d15bf28be4dc0a
- SSDEEP
  
  12288:Si8hveShnhb/xayCkctVOh3dPs0+zmXyBR0h:n2veihVpceNk/zmi0
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops startup file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops startup file

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2