agenttesla | 17ac0a1a3782927b4699ea3f0dab6f0efb1dc1a6dbcb373ef1151209d5b70194 | Triage

Sharing

General

Target

Tender Doc.tgz
Size

857KB
Sample

241010-nkb4hszgjj
MD5

c7f79a1a164ca8f64871500224b57f4e
SHA1

6e1f23d8d1059eab51466eb76e476d1a0ce81c79
SHA256

17ac0a1a3782927b4699ea3f0dab6f0efb1dc1a6dbcb373ef1151209d5b70194
SHA512

1e2cb4ffe80c1c7e5b8786fc81af650a6d46c1c2224d41ff04bb03542fb99e018640c5ee818a6d155254ac59756691dbbd0f3e6be4716b49ad3cf4e6a4fbb5e0
SSDEEP

1536:6AdYYsnFtg2c8RirK6a7XNPc0ukjmlWQek3:6AdYYsnFG2c8RirejNPxfQek3

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6828335029:AAHOq6iD_8Eg5u6FhmWF0NHPcKj1jLGtRk4/

Targets

- Target
  
  Tender Doc.exe
- Size
  
  810.6MB
- MD5
  
  91987addd413872ac9c60c3f4268e98c
- SHA1
  
  a70f7fc29b5e568ce1797612f3fd6976afb06548
- SHA256
  
  2fe47c0d56c892340febb39cd93eadaafaabc4bd2ca4de136540c8b319f83bbf
- SHA512
  
  561781240271e7d19dc0cbae1c21b00f18264c367a574fb707e5514cb49076e8058b7d9dc87de3c593784630deaefa6e8c29f0879411c340e2766358f93e8d0e
- SSDEEP
  
  1536:HnDup3S3fgpf/m349/14slbEkjxIqoeryAgNs+GjJxM3CEF/7GmqbMY7usiY9hk1:H5Yf/m349X2kdIqO/TG07GmCMY7pdk1
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan