agenttesla

General

Target

72e7c1c354f2680beb148df6723b10ed_JaffaCakes118
Size

304KB
Sample

240726-g4hl3svbqc
MD5

72e7c1c354f2680beb148df6723b10ed
SHA1

cb251f36264a34f6bdcb1367e7632f37c1ba80a6
SHA256

7fd3d9d611f69b2a54329cabc7c5000e65f54a733b52ec771a382f63fa820617
SHA512

fed81754b5f54553666da90aa2a2aee8527688a2c3a5ac6f4e881372464b5c4686f4ca284afd75f5dd6380feab1d21662b602431922d03f3d0472c17f136752f
SSDEEP

6144:F8LxBsWND9SaE1oekh8KP8I3WlaJ5mVKzPp2xnMVmKeUyTP83RKHE:/Wx9OYSqpNgMVmKexT2IHE

Score

10^/10

Malware Config

Targets

- Target
  
  72e7c1c354f2680beb148df6723b10ed_JaffaCakes118
- Size
  
  304KB
- MD5
  
  72e7c1c354f2680beb148df6723b10ed
- SHA1
  
  cb251f36264a34f6bdcb1367e7632f37c1ba80a6
- SHA256
  
  7fd3d9d611f69b2a54329cabc7c5000e65f54a733b52ec771a382f63fa820617
- SHA512
  
  fed81754b5f54553666da90aa2a2aee8527688a2c3a5ac6f4e881372464b5c4686f4ca284afd75f5dd6380feab1d21662b602431922d03f3d0472c17f136752f
- SSDEEP
  
  6144:F8LxBsWND9SaE1oekh8KP8I3WlaJ5mVKzPp2xnMVmKeUyTP83RKHE:/Wx9OYSqpNgMVmKexT2IHE
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/otpbkk.dll
- Size
  
  24KB
- MD5
  
  ebc1cc1b843612d9aed6fe9a5d6df5f4
- SHA1
  
  5ebde7449aac6e0e6944854eddb9faf6fdafbe10
- SHA256
  
  aaea1153e1b3519d6e0836b4f6b9d3c0afa55e37e75470f33b7771625fdabc3b
- SHA512
  
  0aaede863a3bafd980c51b1ebd127b34974547c15c948a5510b0b1d40c9ec55b6729d0bb49f2f8897ee2949271a248b80a11528c02b283f0e84bd32e06ea7dbd
- SSDEEP
  
  384:kut+65SE5r0uoCD4hV6dAbxnRX2Hm2RDESyk9irB92GPKlD36:zt+65SE5rPoCDwpDiirB92GPo36
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4