agenttesla

General

Target

577e6786cfc7e62f1ada7642e01d3de6846494ee5f94ab32dc859bb3fb68ce3f
Size

670KB
Sample

240330-bnpgssdg6t
MD5

e1fe3f51ba6f04a38a0aadd4504c3a46
SHA1

fc6c73c8c53cb57e49ba3c5886ff15ae389a8827
SHA256

577e6786cfc7e62f1ada7642e01d3de6846494ee5f94ab32dc859bb3fb68ce3f
SHA512

d8df6927ab8cce95a4d2c8ba17a8cc9fc885ae90c122936ade671466869b75c358df792fec57e6db9527865faaee8e7ca4813d8ad308b0e54b4c74f7cea90a9e
SSDEEP

12288:YHhim3PGZD5na3jcXJxTl/lYHeAAeWO6RGHo9fynr2xEQODWHFmR3BU7ZY:YkwcXbR/OeAAeKjgnr2xEQ+YFu3i7q

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.fedcraw.org.za
Port:
587
Username:
[email protected]
Password:
admin123fed
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.fedcraw.org.za
Port:
587
Username:
[email protected]
Password:
admin123fed

Targets

- Target
  
  BL-INVOICE SHIPPING DOCUMENTS.exe
- Size
  
  721KB
- MD5
  
  e12732b1388792e2376b5ceff0813ce1
- SHA1
  
  f6d305a5bc1cb57d98778983eb6d5ee21a291d33
- SHA256
  
  ee82a7d799150b129c7e27b8328e987cabf5de9d204b7e028ae2849d92672e20
- SHA512
  
  1c902234221b4640e1bfb95f10d7991b4bc619c0045f574df7f4e1cf75218609547f40b7d26e89add0d72a9a98efba25ad2cb010462745c7956abdda0fdfe8f1
- SSDEEP
  
  12288:QvLK1+mw78cPd5nuXjcdJrTxi6LarNLXghQAgVJRGHg9D6nj22J3EUfen9HpzifI:Qvi+mU89cd5di2aBQQAgn/8nj22J0W
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2