agenttesla

General

Target

979604526e37a1e1712e2cbbca12ede0.bin
Size

524KB
Sample

230819-b7t7dsha6x
MD5

87b8ffaa7c7ae6b27b1035edb2e6c0e9
SHA1

0a0b58f7f4f506be3e07b8a39514052e253caf1e
SHA256

0bac87011e89f7243bf6b00d0f33ad4768c7d1318fd5d237c7695c03ea1c0c63
SHA512

50d61e747a936bb216013a6a53a478e31df82006d7c97b07417a2398c0405ea944244e327151bbd3fd8fafdf7c514a322242bacbd937640093bd040af903572b
SSDEEP

12288:A6ACd+35bCgCNDZwCm5xgHPajhn9NIlZIaTh:S2i5OgjzxJhIJh

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$
Email To:
[email protected]

Targets

- Target
  
  b3eefb7225c8437ba7e9c6800ffdc0f2bb42225246bc7cc4944ba343b40459dc.exe
- Size
  
  547KB
- MD5
  
  979604526e37a1e1712e2cbbca12ede0
- SHA1
  
  a85451871d03c941cf509033dc060b1c44f7c658
- SHA256
  
  b3eefb7225c8437ba7e9c6800ffdc0f2bb42225246bc7cc4944ba343b40459dc
- SHA512
  
  fd8e21def0de23d1da74df6784a4a0891d80166b15cd3e6a397098bf52ce675021c755ea6f91038305315407a54ddde352b42cd38548b12e3903cfc755952af8
- SSDEEP
  
  12288:Z0Dl+C42xjWm2pmnAB8Gb5wf/dD+Q0Hu6g2HuNq3wd2enNK:miknonwF+pHd0Qwd2M
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2