agenttesla

General

Target

a0a48111d3e46bcee758b5c247fa0d3444ff79db4681e8ec78319a70eb8cf54f
Size

844KB
Sample

231208-b9e59agf32
MD5

869b99c46c9bc8c7a6586ed3090c9fce
SHA1

c2568abbf4a8ba33349be44cbb0244b5b7962f93
SHA256

a0a48111d3e46bcee758b5c247fa0d3444ff79db4681e8ec78319a70eb8cf54f
SHA512

dc664e156f6fc1fa1a4e6a088f7123fb870b6f1b4f0bc0d9362605ba45aa30521ca57b45db77990c8a917f151b60bdfd1b7a09975ae2af90af7d490cbeaf045d
SSDEEP

12288:B13V27YuPOq0BtHx6BSCw4A1IOZaEA4g4PTdK3lPY1MsOeBlkciDWB:33YjUHKVwp1bZaegidK1g1MsOeBlS

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5807029869:AAGsxVSshZSRiafw59B7rpMV8iPr8cSTNyg/

Targets

- Target
  
  a0a48111d3e46bcee758b5c247fa0d3444ff79db4681e8ec78319a70eb8cf54f
- Size
  
  844KB
- MD5
  
  869b99c46c9bc8c7a6586ed3090c9fce
- SHA1
  
  c2568abbf4a8ba33349be44cbb0244b5b7962f93
- SHA256
  
  a0a48111d3e46bcee758b5c247fa0d3444ff79db4681e8ec78319a70eb8cf54f
- SHA512
  
  dc664e156f6fc1fa1a4e6a088f7123fb870b6f1b4f0bc0d9362605ba45aa30521ca57b45db77990c8a917f151b60bdfd1b7a09975ae2af90af7d490cbeaf045d
- SSDEEP
  
  12288:B13V27YuPOq0BtHx6BSCw4A1IOZaEA4g4PTdK3lPY1MsOeBlkciDWB:33YjUHKVwp1bZaegidK1g1MsOeBlS
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2