agenttesla

General

Target

4df1caa877eac11077fcdba5a4220b5868612f16c80d228ff3d04e8a11c3e309
Size

357KB
Sample

240917-shb3yszdmr
MD5

e666960adf20e0c7f2d8f7397709d9cb
SHA1

4cc2c660110f35b5769439aa21f45504ad610446
SHA256

4df1caa877eac11077fcdba5a4220b5868612f16c80d228ff3d04e8a11c3e309
SHA512

5649ad82f409fecfcd406c851c3bb015e6640602de142d1404694a98008cfc06608060284dc03efa76261f093c646388393d16f2e2dbbd651384f5e59cec319c
SSDEEP

6144:YDGgG5qUL1xmjPS7OVMKarRmXzLAqIXtQT4jwzRsObT0:SsyjBtzLadHQs

Score

10^/10

Malware Config

Targets

- Target
  
  4df1caa877eac11077fcdba5a4220b5868612f16c80d228ff3d04e8a11c3e309
- Size
  
  357KB
- MD5
  
  e666960adf20e0c7f2d8f7397709d9cb
- SHA1
  
  4cc2c660110f35b5769439aa21f45504ad610446
- SHA256
  
  4df1caa877eac11077fcdba5a4220b5868612f16c80d228ff3d04e8a11c3e309
- SHA512
  
  5649ad82f409fecfcd406c851c3bb015e6640602de142d1404694a98008cfc06608060284dc03efa76261f093c646388393d16f2e2dbbd651384f5e59cec319c
- SSDEEP
  
  6144:YDGgG5qUL1xmjPS7OVMKarRmXzLAqIXtQT4jwzRsObT0:SsyjBtzLadHQs
Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2