agenttesla | 07486c105833148668a1f022367f83df2ab0091bf92568bb0a1ca961fe9bb5ac | Triage

Sharing

General

Target

07486c105833148668a1f022367f83df2ab0091bf92568bb0a1ca961fe9bb5ac
Size

564KB
Sample

231206-epsgmaba88
MD5

55b9877de436e5f2201948249046573a
SHA1

e59a35eb2aac778985c6501a99990c893886234e
SHA256

07486c105833148668a1f022367f83df2ab0091bf92568bb0a1ca961fe9bb5ac
SHA512

45f7cde86008f4604da4cb6ed8bd246ebb8533c188492c997946c7e0d347844538ead63184900895d5d8e54f0f963237fdb29dada45c4f306bc907f61d074ef6
SSDEEP

12288:9uV4B/m8lVmR64OJlTl/5MlSjp9kBnK852gxcfpvfHTcBI8SRFUwUBJeS2jA3a:9fdPmR6Vl0XKC9mXHTN82FUwUHeSnq

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ardsmmm.com
Port:
587
Username:
[email protected]
Password:
Ard2015**
Email To:
[email protected]

Targets

- Target
  
  00158048022558621.exe
- Size
  
  678KB
- MD5
  
  8058fc91a2fb25f68844666f0babfdd3
- SHA1
  
  cd16874f02c71ea7fec3bceff54532e70c7152b0
- SHA256
  
  295b33ab6ac30b1a9cfe34fa15078e824635fe92aee746ce4882766d2060b5b3
- SHA512
  
  158b8d7d1a557cea9310e307d41b3d2d4261171adaa7cd09eca50430f5767c8815cc5ed5e671255bf710507cc90615722ad9db2f4d229095beae67c2f98f7aea
- SSDEEP
  
  12288:2BhdQCyrzWxWreQRqf53zxeagDSN97vBBL8VlRz+d7BR6wT:23dtQzWxWd6UINxvBBL8/cpB
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan