agenttesla

General

Target

5b5381751013c31e8c08e428719cd3921a04cee5c623afc80bdd9bb61184bac8
Size

301KB
Sample

230807-cs2hlaec8t
MD5

41279bcbfec0ec860dd662ea72006150
SHA1

06a32a46b9f2c49766f7f559c267571277fa6b7d
SHA256

5b5381751013c31e8c08e428719cd3921a04cee5c623afc80bdd9bb61184bac8
SHA512

83ac2355c10bfc0c5a3eda87b243069b1a5bb3d84079a1d4e82a5da917b4c97799ea30be8eab6f8598768d62b2c73cb2ecfc46ae59dca3e17a6befc234e10154
SSDEEP

6144:/Ya61fAcGUqFKEi33DnhflyfeqR6SKvGChol6/lj:/YHZGrKEw3Dn7jqR7PCWe

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.elec-qatar.com
Port:
587
Username:
[email protected]
Password:
MHabrar2019@#

Targets

- Target
  
  5b5381751013c31e8c08e428719cd3921a04cee5c623afc80bdd9bb61184bac8
- Size
  
  301KB
- MD5
  
  41279bcbfec0ec860dd662ea72006150
- SHA1
  
  06a32a46b9f2c49766f7f559c267571277fa6b7d
- SHA256
  
  5b5381751013c31e8c08e428719cd3921a04cee5c623afc80bdd9bb61184bac8
- SHA512
  
  83ac2355c10bfc0c5a3eda87b243069b1a5bb3d84079a1d4e82a5da917b4c97799ea30be8eab6f8598768d62b2c73cb2ecfc46ae59dca3e17a6befc234e10154
- SSDEEP
  
  6144:/Ya61fAcGUqFKEi33DnhflyfeqR6SKvGChol6/lj:/YHZGrKEw3Dn7jqR7PCWe
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2