agenttesla

General

Target

679327dc45362940cf33cd2fc0f9a27f_JaffaCakes118
Size

445KB
Sample

240522-rsnztsec72
MD5

679327dc45362940cf33cd2fc0f9a27f
SHA1

94e1e653e51024580cefe78d94c472ecae0ce34a
SHA256

f1712d431b4bdbc63e6394533274ad333325507ab9034f83981f1a0c831f6e5c
SHA512

5a9c71458a6a8e91b341b323c1c9360bfe2a0614d6ce774dd1da6029978b195f5798336995d4f0f767ea2fc14e3daa37664a2dc27dbdceb0341a8b3ac784fa00
SSDEEP

12288:aY+biRSGCzNd/1zc9e1+ZRm1g4pxRSjqzTGbLP1MbZ0:aY+bOc3hX+ZRmisxRSjqzGMbZ0

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.flood-protection.org
Port:
587
Username:
[email protected]
Password:
scott2424@

Targets

- Target
  
  Quotation_pdf.exe
- Size
  
  705KB
- MD5
  
  dddddf377d10cd41e3ee6481cf117cd0
- SHA1
  
  a075e276f64a6e89cf20de22e6c5a6304ae1fba3
- SHA256
  
  059966fad375c8ce66bbb2da74f0c854918f6dba12af2a64cd401c00db0104dd
- SHA512
  
  0b09ca3a3c1034395f13ec0d1429ada31e7d18a0af83daefd05c72a610d5aa0bc860e314463e18bf833511a44ea5551a968910cb23804b9356027e34dcf1d070
- SSDEEP
  
  12288:dr5NlaFRMb7GKWWUxDz/xTT8Hc0jcJLSVGelJv61YmkSfsB:RL+Mb7hUhZqc0jcJLsGelavkSfK
Score

10^/10

agenttesla collection keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

UPX packed file

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2