agenttesla

General

Target

024329b091275921183104901dd986ef_JaffaCakes118
Size

308KB
Sample

240328-lksp6ahe51
MD5

024329b091275921183104901dd986ef
SHA1

6cd4de1da31572dd9e30c991cb4dfc68dff4e291
SHA256

c84323551b8814bcdf1b176cc38f197a00025817e93f6c8aefaa7ab180187cde
SHA512

80a7e37a242dba50ceadd9b8b46d2fb38c7eaf408a7175f8752698b1e08ac982ad841125198c53d0e0b8dd502b10183e56eeb3709e75181082071089c44d53fe
SSDEEP

6144:F8LxBsxzFUP5VmgKag/0FrOKWh+beUFDC1WbazwBnNDL6f22cc:/VF+KpOKhFUFDt2ghcR

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2006818448:AAEbXxhowuXbSCsvvlr5pUkJzFhgKnfWtso/sendDocument

Targets

- Target
  
  024329b091275921183104901dd986ef_JaffaCakes118
- Size
  
  308KB
- MD5
  
  024329b091275921183104901dd986ef
- SHA1
  
  6cd4de1da31572dd9e30c991cb4dfc68dff4e291
- SHA256
  
  c84323551b8814bcdf1b176cc38f197a00025817e93f6c8aefaa7ab180187cde
- SHA512
  
  80a7e37a242dba50ceadd9b8b46d2fb38c7eaf408a7175f8752698b1e08ac982ad841125198c53d0e0b8dd502b10183e56eeb3709e75181082071089c44d53fe
- SSDEEP
  
  6144:F8LxBsxzFUP5VmgKag/0FrOKWh+beUFDC1WbazwBnNDL6f22cc:/VF+KpOKhFUFDt2ghcR
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/wwovt.dll
- Size
  
  30KB
- MD5
  
  3db889c292904a3fcefaaea76ca6dc24
- SHA1
  
  b9e0cf954f3cbf80245e32633a01644f69a6f0d8
- SHA256
  
  15efdfbe9775fdeb2a57a01564006d1322e9f7815c8f4325d88d6403fe809238
- SHA512
  
  7abcdc3b2bcf849fa359010ebe04b587e9e7f8b3222a949f03fd5766506a0f612ab875bb205a60a7fe170002177c0a3d841965d902a175656406ff10df345047
- SSDEEP
  
  384:6X21oCNE0oHVOBiEN1EDzSW4Ys7//YriYpICfKSZP8ZWYahHT/yKetlOmdmSlmOW:6m1DE00OBiOW4L7Hw/phiZQhH7y3
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4