agenttesla

General

Target

5841cbc3a8fda61f6984c5fbdbda3a711fe39b3e8c08eeed6b05a5273b6971c6
Size

358KB
Sample

241124-bg6shasler
MD5

e1a772c6dad3b7344150d6a8924ef904
SHA1

acd73b3100c29d52bcece0aac1296233a63e688a
SHA256

5841cbc3a8fda61f6984c5fbdbda3a711fe39b3e8c08eeed6b05a5273b6971c6
SHA512

e9d324d7b942af8e7e66c2221ea23127a253bb6fe63e7f576904ccc032c97df9b51c762f05ff5f22fe203d7bb6ed898c5a9b48e156ea946a6360647626ffcfad
SSDEEP

6144:7xtLQ+SM/E+f8SzAmWeTyCREZErp/z6JnIYEYDQco30hzWRlRGUzt:7fLQ+lz8+RRTyCu06JnIYj7BWRP

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.adenerqyeurope.co.uk
Port:
587
Username:
[email protected]
Password:
j0#c!nNq6iW%

Targets

- Target
  
  5841cbc3a8fda61f6984c5fbdbda3a711fe39b3e8c08eeed6b05a5273b6971c6
- Size
  
  358KB
- MD5
  
  e1a772c6dad3b7344150d6a8924ef904
- SHA1
  
  acd73b3100c29d52bcece0aac1296233a63e688a
- SHA256
  
  5841cbc3a8fda61f6984c5fbdbda3a711fe39b3e8c08eeed6b05a5273b6971c6
- SHA512
  
  e9d324d7b942af8e7e66c2221ea23127a253bb6fe63e7f576904ccc032c97df9b51c762f05ff5f22fe203d7bb6ed898c5a9b48e156ea946a6360647626ffcfad
- SSDEEP
  
  6144:7xtLQ+SM/E+f8SzAmWeTyCREZErp/z6JnIYEYDQco30hzWRlRGUzt:7fLQ+lz8+RRTyCu06JnIYj7BWRP
Score

10^/10

agenttesla collection credential_access discovery keylogger persistence privilege_escalation spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2