agenttesla

General

Target

d879ef5d250d2f5f77cf26ed3ca69506_JaffaCakes118
Size

373KB
Sample

240910-sq6brszdpp
MD5

d879ef5d250d2f5f77cf26ed3ca69506
SHA1

d3f0f943d0c15c9c5975f726af3976dfdc794ca7
SHA256

9112bf6322a7832bbf2197b9c4f7a43ccf70519619965f0d38ee11e417850328
SHA512

5e5c72582d6f9e23003d63679d7f84dedf650c8086ce6283afd05b91c57e4d85c05a877462806f97e380de8242dc9e98ae146d67936371ba93bed353741a3c31
SSDEEP

6144:18LxBOeARnoXQswh/3R+bfspKESVgIIIuRpYAn4Zkqmrzivaf32pA:LeARoXQ95+TFEbIIIcdn4ZAivFA

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1803146213:AAHYyCRx7FggQ9LfPbrIs79ZUWCEc9wNnDo/sendDocument

Targets

- Target
  
  d879ef5d250d2f5f77cf26ed3ca69506_JaffaCakes118
- Size
  
  373KB
- MD5
  
  d879ef5d250d2f5f77cf26ed3ca69506
- SHA1
  
  d3f0f943d0c15c9c5975f726af3976dfdc794ca7
- SHA256
  
  9112bf6322a7832bbf2197b9c4f7a43ccf70519619965f0d38ee11e417850328
- SHA512
  
  5e5c72582d6f9e23003d63679d7f84dedf650c8086ce6283afd05b91c57e4d85c05a877462806f97e380de8242dc9e98ae146d67936371ba93bed353741a3c31
- SSDEEP
  
  6144:18LxBOeARnoXQswh/3R+bfspKESVgIIIuRpYAn4Zkqmrzivaf32pA:LeARoXQ95+TFEbIIIcdn4ZAivFA
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/elbvtxae.dll
- Size
  
  30KB
- MD5
  
  e471a18380ddea57b521a9a151025aa2
- SHA1
  
  0bf030cf51304dd6a266336f01fe3c814a57f185
- SHA256
  
  e08f7c9b87af9a2000875b4905fb2de63deaffe218a26c0a9973a3c4244f8a6f
- SHA512
  
  004d1a87552cbf5df2429b168c282e8940380331ef46984d563e1325a9d96cf433cd9f63b8996783f38830e455fb780774908f584c6544336b665aacd86659bc
- SSDEEP
  
  768:tYH4sBQJDh7wN4Ce1UtpWOPO8P9MuVR1QTouWQrpe:tIBQJDKLPO8P9PR1hQte
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4