agenttesla

General

Target

2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d
Size

812KB
Sample

231205-whtvjsea86
MD5

b85ce469aaa9172dbb48de3a9146360e
SHA1

0c7b828082aba36cda6a8a71dedd48ced45599d1
SHA256

2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d
SHA512

139990dd7a306096afed9907cd8db117e86b6e94383d8f1a9b3d1b16c4f65f6627d7bf7dee840483e0dee768a5ed0d43c4abca10f8ca19724eb6848dfd616750
SSDEEP

12288:9WpbtW8G34/uK45+po2VmuHEEA4vnM6Zz+E7SAlVPpXPR3OknnIkzSmNunG:N34/up+pJUuxA4v5zf/HBXPR3XnXumN

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.kanya-mittaphab.com
Port:
587
Username:
[email protected]
Password:
E81ZbeDb]r]+
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.kanya-mittaphab.com
Port:
587
Username:
[email protected]
Password:
E81ZbeDb]r]+

Targets

- Target
  
  2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d
- Size
  
  812KB
- MD5
  
  b85ce469aaa9172dbb48de3a9146360e
- SHA1
  
  0c7b828082aba36cda6a8a71dedd48ced45599d1
- SHA256
  
  2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d
- SHA512
  
  139990dd7a306096afed9907cd8db117e86b6e94383d8f1a9b3d1b16c4f65f6627d7bf7dee840483e0dee768a5ed0d43c4abca10f8ca19724eb6848dfd616750
- SSDEEP
  
  12288:9WpbtW8G34/uK45+po2VmuHEEA4vnM6Zz+E7SAlVPpXPR3OknnIkzSmNunG:N34/up+pJUuxA4v5zf/HBXPR3XnXumN
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2