agenttesla

General

Target

eccad3e996e1e5b349d2d2625b41d42c.bin
Size

659KB
Sample

240425-cxa67sdf25
MD5

898a6ab799c9725d282202f00afe4a2c
SHA1

9b3fdad12d2c4c4b564d351ac484bab23e610be0
SHA256

ee03c8667eac870e7fcb5655ff09ddeebcab9cdf5227dacf1e038813ecb2997e
SHA512

40aad8c8f65c4495f5cf3c95c9820df399a15bf2a8ba88e76d416a85c52765c1c66955e85171dae88314b7a331eaa10195a6f32efde72d0e945514b6f224531c
SSDEEP

12288:7t1toakypfMtZgE1vkmbIR9a05E4IPcLLG3F6adM7y1i1NG/iuSSX0:51tzhCNz057LG1hA36/iuSA0

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7099320956:AAEbKuoPa3eGpVw59XdjZSpakl0EQvO5p9g/

Targets

- Target
  
  HS202410407 Elemento de proyecto MSMU5083745/HS202410407 Elemento de proyecto MSMU5083745.pdf.exe
- Size
  
  300.0MB
- MD5
  
  ae691d82b099a7d1c9851c4fc30a0d7c
- SHA1
  
  e208fc697d549bcbf2f8d68fa7eac36b4f3de793
- SHA256
  
  c85752ca63d9ce92c459af05db545ed8c611622cbf273a4fec9c47bea1da5cca
- SHA512
  
  739fd1b478acbe1c972908f61da5b9472c436dd9c8b96ec72ef86fda5b871bba4c0949d35e1ed73373f2c47b94b00d7a4c4de0f0e0cbe7e9b1f14dfae1f48af9
- SSDEEP
  
  12288:WUnhF9WMn7VKqyX2F+2SrFJAaX6m5CVMfbgSaBLQqdydwh65IjHIk58SfFjr3x2Z:WUh2Mn7yXx57PfUlBLbd+wulS9jzIZ
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

4

T1552

Credentials In Files

3

T1552.001

Credentials in Registry

1

T1552.002

Discovery

Lateral Movement

Collection

Data from Local System

4

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads WinSCP keys stored on the system

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2