agenttesla

General

Target

3b79df14e533fd74f880d7335e3376e0eefaee05aa0b8ebbe11051e9707edef0
Size

240KB
Sample

240213-b2y86ahh25
MD5

8ce5d2424e236724027a74be5da5a636
SHA1

dd2e88ec985128cfffb434c3ef004654ec243634
SHA256

3b79df14e533fd74f880d7335e3376e0eefaee05aa0b8ebbe11051e9707edef0
SHA512

5c8d5540d353d77cd4e84e9d9703235d80189829a6299e807fcb34ae83eefcff7c9e5f4be9f921de4845c353b8854a0e5f4fcdd12388467fc9872a93604f31a8
SSDEEP

3072:VcqHceO+eORQ5gcRpeilUKhICwJAg685VJT5BOLXX589Brk:yqHceO+eORQ5gcRptljhwJXVJTMXXS

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1173532822850510939/7ycdzOYZS7NjzueOY_4g9vijhjznK0lj8yLG7yS-AXhgkar7Yob44mkj1VTzCjoxasQO

Targets

- Target
  
  3b79df14e533fd74f880d7335e3376e0eefaee05aa0b8ebbe11051e9707edef0
- Size
  
  240KB
- MD5
  
  8ce5d2424e236724027a74be5da5a636
- SHA1
  
  dd2e88ec985128cfffb434c3ef004654ec243634
- SHA256
  
  3b79df14e533fd74f880d7335e3376e0eefaee05aa0b8ebbe11051e9707edef0
- SHA512
  
  5c8d5540d353d77cd4e84e9d9703235d80189829a6299e807fcb34ae83eefcff7c9e5f4be9f921de4845c353b8854a0e5f4fcdd12388467fc9872a93604f31a8
- SSDEEP
  
  3072:VcqHceO+eORQ5gcRpeilUKhICwJAg685VJT5BOLXX589Brk:yqHceO+eORQ5gcRptljhwJXVJTMXXS
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2