agenttesla

General

Target

ff76b90a270e74738c7922377a4b7392226d174f6c8aaa258fd85a87baa6c779
Size

703KB
Sample

231127-rdxcnagh86
MD5

b59b5e5a6f71c4d9a861320343aaabd7
SHA1

4643b7e894036b92d0ec565d6bd5459ff0542b49
SHA256

ff76b90a270e74738c7922377a4b7392226d174f6c8aaa258fd85a87baa6c779
SHA512

c164ebd2ae9b0debd3a30cb2f553f470e42061f2e5b1ac6860a3c0aa0fabc9d8613d9a64a94a04beb9a1e61e413d191376bd49d05cea4fa94a13b90a6ac9b168
SSDEEP

12288:hBmtcAa8+WQNB021zEt9AoNNjiITMlW8eEtZ4gezTbkAEUumqqwrzpHxC+y9G6J6:zlA2BdzQ9FNFgleq4gezTgSTqqwrzpRj

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
EwQnrCo8
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
EwQnrCo8

Targets

- Target
  
  B.exe
- Size
  
  732KB
- MD5
  
  0dc6ce439af7c477df6e4fceb307344f
- SHA1
  
  d1f1775cbbe72152f52a427b51a8766ae518bb55
- SHA256
  
  e88c2a446b6f0a804ac431eaeb2a2d03abbdd01b771f9d1f4f7027107859fc7c
- SHA512
  
  ef1c6538a64c6588e95b4865512615c61b07565b3061b2244efe559ce366864b283eebc04101f194c1ffbedf8b250141dbf3c0342f8736f1014ebff7800e0f9a
- SSDEEP
  
  12288:OLyzd7BR6wTbwrQNnwa1zEHPv/3mCI0FtsJ1d+AmVuUuMqwkLzpRxYA3eYQPFHF:OLyzpBHwinrzUv3/sEAmnTqwkLzp7YY2
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2