agenttesla

General

Target

5b83e5bdf407f204ed3924a06c75022aefd77bd5aec4aa9a362d5d23009a2e3f
Size

275KB
Sample

241124-bmvbnawpds
MD5

4622c8ac63df076d7f09f349a29ec58c
SHA1

2944d1ee9142173f5c889d14a66bd8eee2be054f
SHA256

5b83e5bdf407f204ed3924a06c75022aefd77bd5aec4aa9a362d5d23009a2e3f
SHA512

b6532ea5abf10a5c2031be5c330253e056c4ac739e9c48cf4bbbbe919b5ee760f868e2b071c5ea9e3ac5b6c0d10125daa38d428ddcf8fbe026be91a6d90f7f4a
SSDEEP

6144:yBlL/DKfVbsPAYWSebOs0gftttsyQ0bJ9Mf/PZ:4h3PAjbODgftTTDyPZ

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1900836728:AAEDyoYbBJwtt1EA4hdgRlGTN1cq760KPNU/sendDocument

Targets

- Target
  
  5b83e5bdf407f204ed3924a06c75022aefd77bd5aec4aa9a362d5d23009a2e3f
- Size
  
  275KB
- MD5
  
  4622c8ac63df076d7f09f349a29ec58c
- SHA1
  
  2944d1ee9142173f5c889d14a66bd8eee2be054f
- SHA256
  
  5b83e5bdf407f204ed3924a06c75022aefd77bd5aec4aa9a362d5d23009a2e3f
- SHA512
  
  b6532ea5abf10a5c2031be5c330253e056c4ac739e9c48cf4bbbbe919b5ee760f868e2b071c5ea9e3ac5b6c0d10125daa38d428ddcf8fbe026be91a6d90f7f4a
- SSDEEP
  
  6144:yBlL/DKfVbsPAYWSebOs0gftttsyQ0bJ9Mf/PZ:4h3PAjbODgftTTDyPZ
Score

10^/10

agenttesla collection discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/imby.dll
- Size
  
  20KB
- MD5
  
  70aa81a43b4e2b71c628c1631ceee2f2
- SHA1
  
  8d4d0d5731cbbc76cfbd20dd126b1a3e668e6745
- SHA256
  
  4d05db6baafc947da457406489df9b8fc3c666031f486edbdf71fce82d620b52
- SHA512
  
  c2ab362b35d5eeaf356a313515f3964211d986fef521693c6facc5e5c07cd5609d4e8a546f23d0cea266de2a6d716cbe172b6f7ccad47c8c022bd339d8e61804
- SSDEEP
  
  384:6q9jRsoKa98nhoA8ms0XwP+ecay4U8VTU/:6q9jRsPa9yBwU8Vc
Score

10^/10

agenttesla collection discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4