agenttesla

General

Target

6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8
Size

811KB
Sample

231206-dbfp8sae42
MD5

f88da6b08e7e83728c59a1e0e35cf824
SHA1

9768ed54c0bccb34b682d94d7be28ba9ed9e0afc
SHA256

6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8
SHA512

3e2939f76619cdd5170213ff64962de392b6db5f867b831eed59478965af5b6f9f3911f8515124443a3effc5f79032013ba86cd1ece114341ec612c613bae794
SSDEEP

24576:zDKtD/61ItJpv4XvFaoFdaUELhvTIpIT:m6KtJpgfFaoFgD0

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://discordapp.com/api/webhooks/1181498491458035742/1cF67FyYbH5hKZiQFxnepGP9ouAxF_JrbATJrR-c9cynhriJsqMv6wgLBGq6n67jkbl-

Targets

- Target
  
  6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8
- Size
  
  811KB
- MD5
  
  f88da6b08e7e83728c59a1e0e35cf824
- SHA1
  
  9768ed54c0bccb34b682d94d7be28ba9ed9e0afc
- SHA256
  
  6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8
- SHA512
  
  3e2939f76619cdd5170213ff64962de392b6db5f867b831eed59478965af5b6f9f3911f8515124443a3effc5f79032013ba86cd1ece114341ec612c613bae794
- SSDEEP
  
  24576:zDKtD/61ItJpv4XvFaoFdaUELhvTIpIT:m6KtJpgfFaoFgD0
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2