agenttesla | e51a98a2c15615f46cd415365fff4a350f66fb2225d3ca8a7543dedda915bfc3 | Triage

Sharing

General

Target

e51a98a2c15615f46cd415365fff4a350f66fb2225d3ca8a7543dedda915bfc3
Size

624KB
Sample

231201-flte7afb8v
MD5

1fe2ab407729f2892fe38a2871ef3e59
SHA1

ecbb28be546c98fb60c7a2f1fab3074aed50f27e
SHA256

e51a98a2c15615f46cd415365fff4a350f66fb2225d3ca8a7543dedda915bfc3
SHA512

6e4c0a97df2e8ec55bb8173e4ff7979defcdf14a8b58f7a30db70998a40ccc16c4d16d5719d75edc8346d691d39a235ea3dd8097afe0004c6369c26932b96f2f
SSDEEP

12288:Ex1np9HkF2QZER/dBclvcnfgXbXnj1H1cpq8FxtUUhY1WUhYrZXZl:cp+ZEnBfYXz91cFxrhY1NhUXZl

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
EwQnrCo8

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
EwQnrCo8
Email To:
[email protected]

Targets

- Target
  
  B.exe
- Size
  
  676KB
- MD5
  
  efd1e7f9f2d9502c5b4879cb4f6ba765
- SHA1
  
  efbe91f6785af6529376cfe60354320df9a75ceb
- SHA256
  
  93e2033791b15d59db067f6cf052ba6e7ff1e1539390cf0f8b0c1c5bcd78d370
- SHA512
  
  22584da689ca4b0d99f05bc93991726ddf3c0f89621c68587626fda7e08f68b7f63f967df092b72b7a144e99f38c5b436046f7d6b474f6b50049a89b1b14ff6f
- SSDEEP
  
  12288:lCJZJUIwnqZVRXZLMlDcnngXNNnR1J1KHqub7XU0hY1qioGcNsWSurtoe:6ZJYmLLRgXrZ1K173hY17gs5urj
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan