agenttesla

General

Target

021dde3d8e8f0c8fa2fec8760b0f6e29d85bf2beb3a9c49902f20fc4ed462002.exe
Size

714KB
Sample

231202-k8pgzabc39
MD5

05e7f056cc047a522cc2f1593a7f1c4a
SHA1

2129143fea7010a8cf120629da20f4e8e8ffeada
SHA256

021dde3d8e8f0c8fa2fec8760b0f6e29d85bf2beb3a9c49902f20fc4ed462002
SHA512

c7b68cc72c7a9446e5f5054eedc28e0b3d66f01976df5bafd8a30217360c54cb8d932b46ca28d5905bea945e5c95e55c17e81f01003805bcbff7969868b2698a
SSDEEP

12288:T0dII+Ld/YsbZ2MenfeVNrBfpz4dkyYm+Cv+73qTtW:T0C9YCKeVNrBfpQkLmzO8

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.aksumer.com
Port:
21
Username:
aksumerc
Password:
211116.kS*-

Extracted

Credentials

Protocol: ftp
Host:
ftp.aksumer.com
Port:
21
Username:
aksumerc
Password:
211116.kS*-

Targets

- Target
  
  021dde3d8e8f0c8fa2fec8760b0f6e29d85bf2beb3a9c49902f20fc4ed462002.exe
- Size
  
  714KB
- MD5
  
  05e7f056cc047a522cc2f1593a7f1c4a
- SHA1
  
  2129143fea7010a8cf120629da20f4e8e8ffeada
- SHA256
  
  021dde3d8e8f0c8fa2fec8760b0f6e29d85bf2beb3a9c49902f20fc4ed462002
- SHA512
  
  c7b68cc72c7a9446e5f5054eedc28e0b3d66f01976df5bafd8a30217360c54cb8d932b46ca28d5905bea945e5c95e55c17e81f01003805bcbff7969868b2698a
- SSDEEP
  
  12288:T0dII+Ld/YsbZ2MenfeVNrBfpz4dkyYm+Cv+73qTtW:T0C9YCKeVNrBfpQkLmzO8
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2