agenttesla

General

Target

8fc72d1b6bc15fbb7bcae8822b98c280b19359f20ed59dcec111ce4d70efbaa7.exe
Size

875KB
Sample

231206-vr78vsah73
MD5

10a12d74b0af33d14a4923d86fe73c11
SHA1

9fbdb5bc06316b92ecaea2cec3354654a9dff3bc
SHA256

8fc72d1b6bc15fbb7bcae8822b98c280b19359f20ed59dcec111ce4d70efbaa7
SHA512

0755f1b30ee83f550686b46c2f77a69c9fde72b8a1c2870aed94405dd6fa7327ce4f6ab50f567fb354b577dc95f6b3f61d1dd74b8db0bd8f8db7919a42082842
SSDEEP

24576:cmzfJNIl+jJLp4wFRo3yc03LWhZDW5sIO1A:cUzh7o3R03LWr2O

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://discordapp.com/api/webhooks/1181498491458035742/1cF67FyYbH5hKZiQFxnepGP9ouAxF_JrbATJrR-c9cynhriJsqMv6wgLBGq6n67jkbl-

Targets

- Target
  
  8fc72d1b6bc15fbb7bcae8822b98c280b19359f20ed59dcec111ce4d70efbaa7.exe
- Size
  
  875KB
- MD5
  
  10a12d74b0af33d14a4923d86fe73c11
- SHA1
  
  9fbdb5bc06316b92ecaea2cec3354654a9dff3bc
- SHA256
  
  8fc72d1b6bc15fbb7bcae8822b98c280b19359f20ed59dcec111ce4d70efbaa7
- SHA512
  
  0755f1b30ee83f550686b46c2f77a69c9fde72b8a1c2870aed94405dd6fa7327ce4f6ab50f567fb354b577dc95f6b3f61d1dd74b8db0bd8f8db7919a42082842
- SSDEEP
  
  24576:cmzfJNIl+jJLp4wFRo3yc03LWhZDW5sIO1A:cUzh7o3R03LWr2O
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2