agenttesla

General

Target

factra.rar
Size

76KB
Sample

240223-qnc64age2v
MD5

2d3b914a08a305baf5f465eeb0632577
SHA1

3eb3c6ab3cb9f709ffc6a5bce6f67d2da188957b
SHA256

e6c0c98ad74a7eb584979f60170364d931359b314996ef7bfb82fa107469b010
SHA512

fefd827ae16e63ea345a716cdfae5c643c2c188c1e5b36f0f2107fd8806176487209e8db649049ebf4d1db09825319cd4b34ac828836774393fc3ee8e1cc310c
SSDEEP

1536:4QTlQ364Gal2k4u3c6/48V5g6qlT8ecxeXX+g1iTNmCDtGngN2v5r7j:xTlilQuM6/48LgtBcxhPDtYgYR3j

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
ReparaHogar2013
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
ReparaHogar2013

Targets

- Target
  
  factra.exe
- Size
  
  234KB
- MD5
  
  81c99218c97c247ec966c9af86280b8e
- SHA1
  
  620374a403c7a762e7fdc3cdfb6c2017f4990efb
- SHA256
  
  2bb44dfe2f7b114241a1878adf3e515a06be878052e09b366fd3e83efb59ced6
- SHA512
  
  fbf0a45a590b2e92a599fc1849654c0b7f007920ae159bbd384e46bfe1537ec6de06d750fa2f7e8ba6e5618711521fc4599550f6d03e8a0c26dcda83960d670b
- SSDEEP
  
  3072:FimyuyG5gxzbMTbI0YuBEuPWqbs5fgNv20z:FimyuyG5gJb4bI0Y+EtEZvD
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

4

T1552

Credentials In Files

3

T1552.001

Credentials in Registry

1

T1552.002

Discovery

Lateral Movement

Collection

Data from Local System

4

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads WinSCP keys stored on the system

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2