agenttesla

General

Target

b0284d4d696cb05e92502441aa0499085ca3a1457935932fa40c677083932081.exe
Size

338KB
Sample

241123-jjee2a1mht
MD5

b9ba439d942b2a5b68c06cbf6d97738a
SHA1

c834dd3046437eecc2b89f7c448cbaf56046b22e
SHA256

b0284d4d696cb05e92502441aa0499085ca3a1457935932fa40c677083932081
SHA512

80d3f3190edc5eafb008ab17a9fc7b7c0559ec7180295903635dc13e3c8530f79783257f2952a86ce2e680e01a23fb1735c2c54390a4feadf4f0edcb6f28213f
SSDEEP

6144:GBlL/VGeKGDuGyGNQuy55SVyvdhZJrfdX6qFck4o+v/WwE8jjlw1qQ:EmPgmKSv+/WWjK1F

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1803146213:AAHYyCRx7FggQ9LfPbrIs79ZUWCEc9wNnDo/sendDocument

Targets

- Target
  
  b0284d4d696cb05e92502441aa0499085ca3a1457935932fa40c677083932081.exe
- Size
  
  338KB
- MD5
  
  b9ba439d942b2a5b68c06cbf6d97738a
- SHA1
  
  c834dd3046437eecc2b89f7c448cbaf56046b22e
- SHA256
  
  b0284d4d696cb05e92502441aa0499085ca3a1457935932fa40c677083932081
- SHA512
  
  80d3f3190edc5eafb008ab17a9fc7b7c0559ec7180295903635dc13e3c8530f79783257f2952a86ce2e680e01a23fb1735c2c54390a4feadf4f0edcb6f28213f
- SSDEEP
  
  6144:GBlL/VGeKGDuGyGNQuy55SVyvdhZJrfdX6qFck4o+v/WwE8jjlw1qQ:EmPgmKSv+/WWjK1F
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aiuxmmjtmkz.dll
- Size
  
  19KB
- MD5
  
  586dd640c4a64cdf876ac0bfe48ad870
- SHA1
  
  8f9704a440ee2fb56b0bfd2a2f9a5b2a3fa685f0
- SHA256
  
  206c1772141cc0ae68d1a3a317c1b4e5b2ece540322c211b6a37d65f100114cd
- SHA512
  
  984100b0309b9d2f3cdf783697a497cea4675aee9b2c4529ef20afd6bdf011f1240044bfda2af2f9bb98b98c45b03c6d72e98dda2da8a958d36f3229c9a0dc62
- SSDEEP
  
  192:6z+aLflYnmPwn5488nq3lfstCTJ28WzKKMih6rmvIQb/Wj0J43UESslEUwvyX2Rm:6zJBYew5JDstCToJTIi/W2slE5vYQHG
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4