agenttesla

General

Target

211c7f7ad00add16625f448bd69b70c5054f50f0ec1979e56425dd75b69f85e5
Size

618KB
Sample

231207-r8cxhacc73
MD5

8a6c155385b42e0e96e831a9caad63fb
SHA1

a303f3bdd8f8a2e80b859ac493143df90c658bd0
SHA256

211c7f7ad00add16625f448bd69b70c5054f50f0ec1979e56425dd75b69f85e5
SHA512

395e9b21d34b1853d54ece10fa1e37218887126088e15540c1ebd244c4f0781157c1057ff60d9ac4666c16ee2344d0bd968b3c145312d48bd04636ec40a77ecc
SSDEEP

12288:tytsJ8EzwTvCepfd3nDPOuVLtT3PoH2GvQc5KoyOKiRPBal40nmFUWB77:mqepdXDPtZtLoNvnEiRPk6r

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pharmapanel.com.ar
Port:
587
Username:
[email protected]
Password:
Pharma23Panel90
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.pharmapanel.com.ar
Port:
587
Username:
[email protected]
Password:
Pharma23Panel90

Targets

- Target
  
  211c7f7ad00add16625f448bd69b70c5054f50f0ec1979e56425dd75b69f85e5
- Size
  
  618KB
- MD5
  
  8a6c155385b42e0e96e831a9caad63fb
- SHA1
  
  a303f3bdd8f8a2e80b859ac493143df90c658bd0
- SHA256
  
  211c7f7ad00add16625f448bd69b70c5054f50f0ec1979e56425dd75b69f85e5
- SHA512
  
  395e9b21d34b1853d54ece10fa1e37218887126088e15540c1ebd244c4f0781157c1057ff60d9ac4666c16ee2344d0bd968b3c145312d48bd04636ec40a77ecc
- SSDEEP
  
  12288:tytsJ8EzwTvCepfd3nDPOuVLtT3PoH2GvQc5KoyOKiRPBal40nmFUWB77:mqepdXDPtZtLoNvnEiRPk6r
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2