agenttesla

General

Target

866449259001c84fcbdf518e90778328c048f87bbe98ba374b949af951e86030.exe
Size

676KB
Sample

231202-ll8srsbe67
MD5

4119497e585d3a6b2ad56e26ea7420e3
SHA1

4e7d8c8e38679d8afe579ad6e3bd4d56fc57cdf7
SHA256

866449259001c84fcbdf518e90778328c048f87bbe98ba374b949af951e86030
SHA512

7e1aa5b6e9a892a7b0ca4737885fb42d8f25f37ac647cbfcca2bbc89e5de93d350598770ae06c29fc6047b05f15240f0841f5a6f4dbc49110fe86601c47ea808
SSDEEP

12288:lCaZJZIUGmDq+Hoc7BKhmolAYecsAf+85g3bp4/4U:tZJp2FdlAYecsGpi3bpO4

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.royalwealth.space
Port:
587
Username:
[email protected]
Password:
sQxM4AdAZ5kY7As
Email To:
[email protected]

Targets

- Target
  
  866449259001c84fcbdf518e90778328c048f87bbe98ba374b949af951e86030.exe
- Size
  
  676KB
- MD5
  
  4119497e585d3a6b2ad56e26ea7420e3
- SHA1
  
  4e7d8c8e38679d8afe579ad6e3bd4d56fc57cdf7
- SHA256
  
  866449259001c84fcbdf518e90778328c048f87bbe98ba374b949af951e86030
- SHA512
  
  7e1aa5b6e9a892a7b0ca4737885fb42d8f25f37ac647cbfcca2bbc89e5de93d350598770ae06c29fc6047b05f15240f0841f5a6f4dbc49110fe86601c47ea808
- SSDEEP
  
  12288:lCaZJZIUGmDq+Hoc7BKhmolAYecsAf+85g3bp4/4U:tZJp2FdlAYecsGpi3bpO4
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2