agenttesla

General

Target

be2ce5f5a6c45d80e7c6dde39002f9c6e15c8833a7dd3061d512c3f0934fcdcb
Size

309KB
Sample

240202-bvtebsdacq
MD5

54a6ed07455a700873905966fff3ddc3
SHA1

fec0400399a34811a3f4d00b6647bfaa4ac82d16
SHA256

be2ce5f5a6c45d80e7c6dde39002f9c6e15c8833a7dd3061d512c3f0934fcdcb
SHA512

d66161e5824c9eab12c9c653999de616f913d21dad258ee4f010657c08bf2692ef9e759212e9c36401c50b22cdecc1df4bd17fedac07981afabcd0f3f0f5d949
SSDEEP

6144:vYa6cwmkIYQMcUEqfcdZdEu3wylA4IfdSth3/qHTWriB/joI1GParh5:vYCSIYQzaOU4GSz/qHTWri1jVGyP

Score

10^/10

Malware Config

Targets

- Target
  
  be2ce5f5a6c45d80e7c6dde39002f9c6e15c8833a7dd3061d512c3f0934fcdcb
- Size
  
  309KB
- MD5
  
  54a6ed07455a700873905966fff3ddc3
- SHA1
  
  fec0400399a34811a3f4d00b6647bfaa4ac82d16
- SHA256
  
  be2ce5f5a6c45d80e7c6dde39002f9c6e15c8833a7dd3061d512c3f0934fcdcb
- SHA512
  
  d66161e5824c9eab12c9c653999de616f913d21dad258ee4f010657c08bf2692ef9e759212e9c36401c50b22cdecc1df4bd17fedac07981afabcd0f3f0f5d949
- SSDEEP
  
  6144:vYa6cwmkIYQMcUEqfcdZdEu3wylA4IfdSth3/qHTWriB/joI1GParh5:vYCSIYQzaOU4GSz/qHTWri1jVGyP
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  rgmkcdirw.exe
- Size
  
  94KB
- MD5
  
  fd6c355b64052d7e9b9f7ad59f2cdf2b
- SHA1
  
  73daa27878b7bbb38484851e5e885dcc6cd59e55
- SHA256
  
  c266477af0e1f86d0cf5700730033ae3896d325d5c7a74a81a2f4a34f3e59fbd
- SHA512
  
  608f39cc52c9fcf088f3dde2cba33e64e76273233730dfe78281e8f284cba913f5cbb875a90d5c2b9f44689e81e945bb838c534cdfd37f61bc61bc4dd8fb3e63
- SSDEEP
  
  1536:MLMEgm1AbRBy6UAM+Rm01YiRxvaFEbu7maSq2ZixCwoNCu6ylvGAVsWvWcdeodko:MLMbeUO01Yubu7m7qqixulvh3XefyCbu
Score

3^/10
behavioral3 behavioral4