agenttesla

General

Target

df69d2caa796df4543e0493a50f07b69_JaffaCakes118
Size

502KB
Sample

240914-d4vd4avhna
MD5

df69d2caa796df4543e0493a50f07b69
SHA1

74e10cb660147514a42f5234abdfa09311c06398
SHA256

d52bed3aedf780b69f3f16e2d2cc740497664d479bb4aaa69206200106628f49
SHA512

4d392126f8e77ed400cf06b1db3fb6a461d928d9eaeb16f819f6780ec65c61cd72fa63867ee052a3e925ca4c636fa31f2e69f1ef5b8b1b7809fb3fa6d13bc896
SSDEEP

12288:0Tj5sOygBWeHFWjNZ8BiyL/osJ4u0hhSrOaCDOSpx6emZYQh:gj5rBWeJjsJuMza9emZYQh

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.deltataxation.com.au
Port:
587
Username:
maz@deltataxation.com.au
Password:
flX?jHei(%+5

Targets

- Target
  
  INV 493178246.exe
- Size
  
  820KB
- MD5
  
  94ec06012c2eabfff68c349a5330136a
- SHA1
  
  833d6264d984eb8816a95d91e4c491c8fb8554f4
- SHA256
  
  d2e12e778519b6ea35daaef5eadae95b9f9e7f60676c8ddae1b321e384984c63
- SHA512
  
  0ceaff384363e25e860fc977252b5827b847f61b8532f6a7b725ae829069f078559ebee406ed3bfc164b5f9569e6188078c458172111fc655433b869bc9e74f5
- SSDEEP
  
  12288:bb6mCM9sXHh9BoRPqsxOVKuS5r70xwgeqh043L97/hOcUW9sqVZEG:qeSHhYRRxOVGcxJBdb12hi
Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2