agenttesla

General

Target

715c87ffb0854681c7cc37d4f5914871
Size

901KB
Sample

240124-ea8v3ahfgj
MD5

715c87ffb0854681c7cc37d4f5914871
SHA1

27c63eabf989f5996e7b9f5c8d560c95ce9db7a7
SHA256

06c41ac3b1c9c2913aacf32ba3c4f21b0182b36db66b6e4d07e0ed610f98cfb6
SHA512

d94e6c02c765cee9f0a4166cf0e390858c5ac8977fd015697f01627e55193e89cb84dd515cf19e58eb0bba4c9063d4b9987b53afca3aa2298751fcc183371cd1
SSDEEP

24576:Z3G955hqKA48lpC17W7ry5zCf4NttomzxVL9Wycjq:khy3lfHwzC03FzxVhrcjq

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.scottbyscott.com
Port:
587
Username:
[email protected]
Password:
ngozi8989
Email To:
[email protected]

Targets

- Target
  
  Products Order.exe
- Size
  
  1.4MB
- MD5
  
  e3c42f4fa46290ac448c8e8581234ea1
- SHA1
  
  27b2b99a10a8464ffee81834f9c6be73bf7c9e38
- SHA256
  
  f98808e82b9b3bea09748af3e904eb9cc769dd6f2378c4baa19d4f0c963634b2
- SHA512
  
  3b627fc313b2003ffd095ba64114dba5fcaecb30c97ea4a63286f2bd8aa1d8e2fc1cd9465d0e7ff334c91147a37fb19d1fa62b604baf349ba9b0de756baae18a
- SSDEEP
  
  24576:8TK+2a6Zefx8DgMfx8DgEsijrre0UbP93GqIttSe96jur0I1AwZCfLL:+25c58DgM58Dg0z+JetSD64I1PZCj
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2