agenttesla | 38ef20b71846a8278f246ff6ce1a847a2d52ddc9b0c1f5494ba4517101281490 | Triage

Resubmissions

05-10-2024 13:31

241005-qsm7vstfqk 10

20-03-2024 10:42

240320-mr6e9sfe3w 10

Sharing

General

Target

86548927a6a677ef5b188069d885fd755d56dcd21ba7b01c96915ec888c86846.zip
Size

634KB
Sample

240320-mr6e9sfe3w
MD5

d2a5b7b4ee9503155d19c00548059e31
SHA1

107951d1a88d56041dfbb272bbc4c49a3921e075
SHA256

38ef20b71846a8278f246ff6ce1a847a2d52ddc9b0c1f5494ba4517101281490
SHA512

73ffe4073e8465c3a10699ce93217b813f992419af6b726ba9aee9ee952b8c8d16d8d5c32ad5448254e3af9d9d211d6e4c893444d4238f4634c3acbb46c2a01b
SSDEEP

12288:wcrvLZT7/fTm9mEEkD6Y+o5g4ahyDpXnO3r0Tk5k:woD17z5kDDPaYDdV

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.zqamcx.com
Port:
587
Username:
[email protected]
Password:
Anambraeast@123

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.zqamcx.com
Port:
587
Username:
[email protected]
Password:
Anambraeast@123
Email To:
[email protected]

Targets

- Target
  
  86548927a6a677ef5b188069d885fd755d56dcd21ba7b01c96915ec888c86846.exe
- Size
  
  666KB
- MD5
  
  49a614236d15faef7cf8bf28ab590829
- SHA1
  
  0009643dea2b241e31200fa7d0e87f2195974fdc
- SHA256
  
  86548927a6a677ef5b188069d885fd755d56dcd21ba7b01c96915ec888c86846
- SHA512
  
  8635bf3a1a6b552bc49d7e2369d914345ffb82e37090bd1902a4de3ec0638ee2c2f4c1715fcdaf2c410bb7fdf78ce00bd74ce3bf9ce803e206295982459a653e
- SSDEEP
  
  12288:FMy2+qkC8slD1k92DVgbLEc5zZVxmmq8F46MYsXQ5l2bkR:Fj/Hsl5k92sPFZVEDYzK+
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan