agenttesla

General

Target

48484c58c3e56cd49689cb83a0bd8525_JaffaCakes118
Size

326KB
Sample

240715-fe5jwaydmj
MD5

48484c58c3e56cd49689cb83a0bd8525
SHA1

5f29b98dfb8c59f1a0a0e46d5d630c8f9e160b30
SHA256

3a535814023d01b99aec8e98e291a9e96dec22036f6ddf32155f47e5e4af93b4
SHA512

d229dd3464520ec69e74ff12baa439b9f1974913a6694b259b62617df5edbf177c032bb5e8ab66ab7655efed76b6324302e08951c9cf4473c49b2122a28921e2
SSDEEP

6144:Xl0zdsLd/BnlXR+frAgx5MoldfHKPqeRcyqj3:GzdsR7XRPIMCdH+TTqz

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1977412702:AAHcwCQugKL3b_T7tso5y0ZBM6ZBqicZB6g/sendDocument

Targets

- Target
  
  Atlasship_O2ASV706248.exe
- Size
  
  437KB
- MD5
  
  b5aa760ab302fd3bb41e66af7c1c7c93
- SHA1
  
  e282d33963b8e490833f694174ffc6983c849d55
- SHA256
  
  45434ec46713c9d3c5fdc793207c4167169c1e4b4ff6c55f98a11962129a64a8
- SHA512
  
  2939cf1c7b554a43059cb76aeda098a91505851ebbd2520317b1568446e7144fb9e725465a889c0013690b4c74d8dc274742df7db5e2968bcf3059f74079590c
- SSDEEP
  
  6144:Z8LxBaNtGfvVy9PmAJs6yHMEwfyT0AkapmEoWh8vxy7wyinx8u6yp8R/RGqj2:XGfvw9+orUMEb0XNWh8vxy1inKGp0Gqq
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/evnlygoa.dll
- Size
  
  16KB
- MD5
  
  8ed79ba21eea27180585788ff0b88c1a
- SHA1
  
  d5b9a67e668262fa857c13531dcc2be76d87bbae
- SHA256
  
  0f9d6c7dd90cbcfef51b5917e214f5e75b8fc10f25ff46deb6f6d304f1e4afe6
- SHA512
  
  b2289f8c59885cd23941a8dfd00bfb018af5c9b926726362157c5a5b257b42b59a6e48ccb9ab7cfa45b190ac244617a7bfdc34ff8eb04f8ba840613f0d925dbc
- SSDEEP
  
  192:pkDqveVwq3/xTQqf8giRokjJMYHYLDFWGqgroe/DD8IiCeJ2/20mCKG1IyZ:q24wq35TR8pocYL0zED8kae221Iy
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral3 behavioral4