agenttesla

General

Target

africpiou.exe
Size

331KB
Sample

231205-wk9c1sea96
MD5

cb407edd867bb298d86ad82c2b4e7032
SHA1

2efcca5f28ccb1926ac128e5197839f13af01983
SHA256

f4cf2a5eba5104f17dcadf06a03a269157bfe9bb726c4bf0291519f47c2736f2
SHA512

1dd3ec12a42d1d898dce05cee613e80aca2b3190561f6ccf38569e9feee5a9d48ae0fd6439d4a2c4754c2c48146c37d6fbcf46543d189939e89ddfaa0adcf106
SSDEEP

6144:fGS74D4ji0736hkiSMCbGc1mqF32UiYRcENIysJGlq2a+gC0Noe+ek:eS0j0736ufEcsmL1cE25JGlq2aDrW

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6669461375:AAGwrSGDuGS4lzGe3ziI4ubZc9TzQ8r1m8o/

Targets

- Target
  
  africpiou.exe
- Size
  
  331KB
- MD5
  
  cb407edd867bb298d86ad82c2b4e7032
- SHA1
  
  2efcca5f28ccb1926ac128e5197839f13af01983
- SHA256
  
  f4cf2a5eba5104f17dcadf06a03a269157bfe9bb726c4bf0291519f47c2736f2
- SHA512
  
  1dd3ec12a42d1d898dce05cee613e80aca2b3190561f6ccf38569e9feee5a9d48ae0fd6439d4a2c4754c2c48146c37d6fbcf46543d189939e89ddfaa0adcf106
- SSDEEP
  
  6144:fGS74D4ji0736hkiSMCbGc1mqF32UiYRcENIysJGlq2a+gC0Noe+ek:eS0j0736ufEcsmL1cE25JGlq2aDrW
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2