agenttesla

General

Target

4AF227E5B7CFC0A16A04FE44BF127BBB645E0D90237175443EE89DE69C244118
Size

342KB
Sample

231206-ep1s1abb34
MD5

25eeb351be26a93f8e5b38d76b12e1e2
SHA1

11826e12ba730aa1274efc3520656748e867c68e
SHA256

4af227e5b7cfc0a16a04fe44bf127bbb645e0d90237175443ee89de69c244118
SHA512

7ebbd478f2c81db2598ffd036c67faa346646cd504fc0fd987215102edc56f7ffb65e768bc6d65aea631a91b36a27f6106b17abe7d86fdd2c9a2687cdfc13996
SSDEEP

6144:zNAbcrRg2uoRfk8p6/JWhFKmFwGKG2f2KKBP1T8RiGwr+cra6gYm:pjduoRs80/JWemCX9HR/Ebu

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sturmsgroup.com
Port:
587
Username:
[email protected]
Password:
hs_B2R1px4ASsOhR
Email To:
[email protected]

Targets

- Target
  
  Qrguhetr.exe
- Size
  
  359KB
- MD5
  
  54a67d96afdf8ad86bc42e04274fb255
- SHA1
  
  7c9d591d4f6fd446dc4413e763efd8af78cc0dab
- SHA256
  
  b4ac3ee481fb4c75763858cedd0196f8e551acae75e16f7ce93907fb0d2e243f
- SHA512
  
  d79dc62898a52d9b190a778c579935c181370354477a2a2513d3db9ce433e25adc28967fcbdf07d7ab296695e6cd806bf7625393aaf01d96efe9472e1dab60e2
- SSDEEP
  
  6144:ilUueprpg8uoRfO8p6/nWhFKmFwYKk2f2KKBP1TERiGwJ+cra6l3Rh:iSV5uoRG80/nWemCVr5RvEbl3Rh
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2