agenttesla

General

Target

3557e917a9227dfae9de7c0084171834137da709cb008cc24aa6c0ad007ecfb3
Size

346KB
Sample

241124-bm7lzssnfp
MD5

e09a2115711a56606044c2c963aade23
SHA1

0b45eb9ab200ca4aed5c6bd1dbcde39f34f3bc06
SHA256

3557e917a9227dfae9de7c0084171834137da709cb008cc24aa6c0ad007ecfb3
SHA512

85c4e4996326346a4f9cedea6b205615b9f7bf9219e658f0e0a5599120004944caf39345db565cc861fe16f8a5c77608ab859fb42936720c791046206e8c5399
SSDEEP

6144:GBlL/geA6j5Foj0lDDURNQEOYqzk350rzDjd6wZmX/o3u96C5L:EieA6j5ij0lDANQSKrPKXg+96SL

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1803146213:AAHYyCRx7FggQ9LfPbrIs79ZUWCEc9wNnDo/sendDocument

Targets

- Target
  
  3557e917a9227dfae9de7c0084171834137da709cb008cc24aa6c0ad007ecfb3
- Size
  
  346KB
- MD5
  
  e09a2115711a56606044c2c963aade23
- SHA1
  
  0b45eb9ab200ca4aed5c6bd1dbcde39f34f3bc06
- SHA256
  
  3557e917a9227dfae9de7c0084171834137da709cb008cc24aa6c0ad007ecfb3
- SHA512
  
  85c4e4996326346a4f9cedea6b205615b9f7bf9219e658f0e0a5599120004944caf39345db565cc861fe16f8a5c77608ab859fb42936720c791046206e8c5399
- SSDEEP
  
  6144:GBlL/geA6j5Foj0lDDURNQEOYqzk350rzDjd6wZmX/o3u96C5L:EieA6j5ij0lDANQSKrPKXg+96SL
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/pvrgshwm.dll
- Size
  
  47KB
- MD5
  
  1faaa3ee0a67c6f5162963e363e8faf0
- SHA1
  
  82c8977e56a1ea9c25ac415defcfb035fa4d0085
- SHA256
  
  c340dc49b7d2339617ad4d76e3b4ec0483f294068fd1f26382e3833eea085792
- SHA512
  
  2714fc63ca8244a0940713b2fa593ff6ee8d1e66987a10506304fd3a45cf90a7ea39139a17c2389617f7c607f9d72251ad3bdc8e72b7b1f13f979abec596da1c
- SSDEEP
  
  768:C47djVQ3OZLTV18v01/LcxdR0vndKBJlp1T0b7x13ONIzE:C47/2QLTV140RARmn4nljTYx1+NiE
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4