agenttesla

General

Target

7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227
Size

826KB
Sample

231206-b4dp8shh78
MD5

f4da6df69533333b2c6fb4eadcc45793
SHA1

3d73f3f8c3952e68840e3c658c47d919fb7733db
SHA256

7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227
SHA512

f8f1bd284e02c89ecd6f411b27262d94c7be67a1c08daedda837d4880d68c9d8ea4ad765d56e6654319393b59641ac426b25623c47f753ea079f79d16026b601
SSDEEP

24576:XMd8+VRO+Zd8ZaKCX+OYW3nCcGYfpBhtD/:PyJqZaKQRYW3+Y3

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Brillium360@@
Email To:
[email protected]

Targets

- Target
  
  7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227
- Size
  
  826KB
- MD5
  
  f4da6df69533333b2c6fb4eadcc45793
- SHA1
  
  3d73f3f8c3952e68840e3c658c47d919fb7733db
- SHA256
  
  7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227
- SHA512
  
  f8f1bd284e02c89ecd6f411b27262d94c7be67a1c08daedda837d4880d68c9d8ea4ad765d56e6654319393b59641ac426b25623c47f753ea079f79d16026b601
- SSDEEP
  
  24576:XMd8+VRO+Zd8ZaKCX+OYW3nCcGYfpBhtD/:PyJqZaKQRYW3+Y3
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2