agenttesla

General

Target

e3454816d7a23aab781044785d330777544db4d50e195c362d39499391c66e97.rar
Size

253KB
Sample

231206-v5pzfaga3v
MD5

9a3a2119c971123d806210e59699a7bd
SHA1

1465d51120db9929a9e5d9aae318a33700829957
SHA256

e3454816d7a23aab781044785d330777544db4d50e195c362d39499391c66e97
SHA512

c7a29e869237704c89ac6d63b172bf0715c22093c79a28b639bacad380a1774e38eb2c7741cc20dea2a09c946add0f5f736d0ec3f3a56462cce016979fae36c3
SSDEEP

3072:6FQ0oQhOG8LdjdiBCKg8i3toUf7tvZMtXz8YICWwNCO40VKcLxelDdBrXrSRmDhd:whOBLdAPcoktRMlp8zDdpGRhLfQ

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6669461375:AAGwrSGDuGS4lzGe3ziI4ubZc9TzQ8r1m8o/

Targets

- Target
  
  africpiou.exe
- Size
  
  331KB
- MD5
  
  cb407edd867bb298d86ad82c2b4e7032
- SHA1
  
  2efcca5f28ccb1926ac128e5197839f13af01983
- SHA256
  
  f4cf2a5eba5104f17dcadf06a03a269157bfe9bb726c4bf0291519f47c2736f2
- SHA512
  
  1dd3ec12a42d1d898dce05cee613e80aca2b3190561f6ccf38569e9feee5a9d48ae0fd6439d4a2c4754c2c48146c37d6fbcf46543d189939e89ddfaa0adcf106
- SSDEEP
  
  6144:fGS74D4ji0736hkiSMCbGc1mqF32UiYRcENIysJGlq2a+gC0Noe+ek:eS0j0736ufEcsmL1cE25JGlq2aDrW
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2