agenttesla

General

Target

fdbd5d8a97e3037da2c542607bedb39d_JaffaCakes118
Size

498KB
Sample

240929-ec5w7a1gje
MD5

fdbd5d8a97e3037da2c542607bedb39d
SHA1

cd49cabb42a5729b4e4c48af10c48c2dacc45a05
SHA256

fd2892b638fafa197381cb5733431ce920baefa842c17e379a809cc837fcb445
SHA512

32262a1dc2670db89f65b60f2582c46e03a3c7bb83c132b8a64b368bb5f0cc566ee8a5aaf5c975eca7d744af82745d827d1069ad0f1e5f63aac0a07f8db66fd1
SSDEEP

6144:Tx/MsVodTFqY70Ijt94zcXgXytWo2SYYItxMVZ64mVaFouUX8MmG9OxJrhr:pNSd5vtjoztXAzYYPo4mVaFo6M7CJ

Score

10^/10

Malware Config

Targets

- Target
  
  fdbd5d8a97e3037da2c542607bedb39d_JaffaCakes118
- Size
  
  498KB
- MD5
  
  fdbd5d8a97e3037da2c542607bedb39d
- SHA1
  
  cd49cabb42a5729b4e4c48af10c48c2dacc45a05
- SHA256
  
  fd2892b638fafa197381cb5733431ce920baefa842c17e379a809cc837fcb445
- SHA512
  
  32262a1dc2670db89f65b60f2582c46e03a3c7bb83c132b8a64b368bb5f0cc566ee8a5aaf5c975eca7d744af82745d827d1069ad0f1e5f63aac0a07f8db66fd1
- SSDEEP
  
  6144:Tx/MsVodTFqY70Ijt94zcXgXytWo2SYYItxMVZ64mVaFouUX8MmG9OxJrhr:pNSd5vtjoztXAzYYPo4mVaFo6M7CJ
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  65pa.dll
- Size
  
  11KB
- MD5
  
  a8d977277094ac80a914a3b76aeec19e
- SHA1
  
  7ab08b10d43f01f63f4c5a4b493194fb37d2f6fe
- SHA256
  
  d748f96482d525178a9400769f2a21f007e9fe90f1c7ac668bd96259c4408563
- SHA512
  
  7225f1e16e2f207f87cba616f8a1879035f12e162cc88c8f77a4c5f46d3c608c2e45ccf129f81fb0c8bf34e6e3ef888c347bf9bdb89b870dbe0b2895441212de
- SSDEEP
  
  192:OpSwl8Um2cA1rgCV+6VtKlwTwrT+JxKbKQrAuLP:CNU2cA1rgCV+0tKjr6xKbKQrd
Score

3^/10

discovery
behavioral5 behavioral6