agenttesla

General

Target

c8282eb4403ef499fec1dbc0ae22c928e4f0d9a4f99fcccd1b5734656bbd5632
Size

327KB
Sample

240115-bh41asedgm
MD5

37fcf470a691a94e67b1a74298bc33c1
SHA1

87f3856853889a9b0433805c9115fbfcc96dfeda
SHA256

c8282eb4403ef499fec1dbc0ae22c928e4f0d9a4f99fcccd1b5734656bbd5632
SHA512

c4317aeae59019b248bb9ebe6d331fab4018d429a1ede09e1169e8fe565766d3f6ec7c5d063683d63603bb2f2b6207087dc3c00b6303524b3fb860d953d769fa
SSDEEP

6144:MFw3elwGIsLWGUdTLiW/5VaYJWDpVItR90gYfbWjEE+hDxE7dVL/Cvmn92A:Il8pL5/KTdVItRDYftEOD6zz92A

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
daolxgyzyjmooghy
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
daolxgyzyjmooghy

Targets

- Target
  
  c8282eb4403ef499fec1dbc0ae22c928e4f0d9a4f99fcccd1b5734656bbd5632
- Size
  
  327KB
- MD5
  
  37fcf470a691a94e67b1a74298bc33c1
- SHA1
  
  87f3856853889a9b0433805c9115fbfcc96dfeda
- SHA256
  
  c8282eb4403ef499fec1dbc0ae22c928e4f0d9a4f99fcccd1b5734656bbd5632
- SHA512
  
  c4317aeae59019b248bb9ebe6d331fab4018d429a1ede09e1169e8fe565766d3f6ec7c5d063683d63603bb2f2b6207087dc3c00b6303524b3fb860d953d769fa
- SSDEEP
  
  6144:MFw3elwGIsLWGUdTLiW/5VaYJWDpVItR90gYfbWjEE+hDxE7dVL/Cvmn92A:Il8pL5/KTdVItRDYftEOD6zz92A
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2