agenttesla

General

Target

JULY_ORD.EXE
Size

658KB
Sample

230713-q1n45agh82
MD5

053a24723e63a239bfe888d416882e82
SHA1

fe99b710087d85aaa1d7df69484abbe43ea76bbc
SHA256

c534bdf0dbce6d4ae61450892f0210419cccc8285cab1c42bacd01077d394b62
SHA512

71f52fc455770af59ae1b67bc706de9a6de3c4ac438f3300fc962d6a1b06bc28473215f112c99ad6d7a8edc4d3d0b522a043cc01669cff78af106abf08f1a8e1
SSDEEP

12288:Lx9xR5AITvJYjXaiUp/BrUpk6MCFRRRCvfQbxJiEbV2M9iOhB290oCdWEK:Lx9xDAqvJ0Xc/+kPfQ1JhgMThBc0n

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://brdm.cloud
Port:
21
Username:
[email protected]
Password:
%=!$*]0dPO8!

Targets

- Target
  
  JULY_ORD.EXE
- Size
  
  658KB
- MD5
  
  053a24723e63a239bfe888d416882e82
- SHA1
  
  fe99b710087d85aaa1d7df69484abbe43ea76bbc
- SHA256
  
  c534bdf0dbce6d4ae61450892f0210419cccc8285cab1c42bacd01077d394b62
- SHA512
  
  71f52fc455770af59ae1b67bc706de9a6de3c4ac438f3300fc962d6a1b06bc28473215f112c99ad6d7a8edc4d3d0b522a043cc01669cff78af106abf08f1a8e1
- SSDEEP
  
  12288:Lx9xR5AITvJYjXaiUp/BrUpk6MCFRRRCvfQbxJiEbV2M9iOhB290oCdWEK:Lx9xDAqvJ0Xc/+kPfQ1JhgMThBc0n
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTeslaV4
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTeslaV4

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2