agenttesla

General

Target

d19acda9e1da746d2c1f0b9b0a810a977cc7e48256de3dae9f07b9c5bf79c2e0
Size

346KB
Sample

241124-bmwjqawpdv
MD5

fa463114cb53575503e3963335bfb940
SHA1

b0d1067e0bf856e0521bb26abd84ef69a9866e17
SHA256

d19acda9e1da746d2c1f0b9b0a810a977cc7e48256de3dae9f07b9c5bf79c2e0
SHA512

b073da9ae3be8f5215659b1e1720fffa51e8599ddbdae169ef1483e892048bba9fe3d609e15af8decb317a4b9ddb4db521fba6907fb45136421b8a0bce0de0fa
SSDEEP

6144:GBlL/J6M1/BLB1X2Db0jllIf8Tu0NuYPUcb2RuMzbA0otv9vFw:EyM15Lf0sllI0Tue0kmHA3a

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2021562129:AAG5jOD-8o1ZVDhFUnGUw6bzmNZXXfUtGN0/sendDocument

Targets

- Target
  
  d19acda9e1da746d2c1f0b9b0a810a977cc7e48256de3dae9f07b9c5bf79c2e0
- Size
  
  346KB
- MD5
  
  fa463114cb53575503e3963335bfb940
- SHA1
  
  b0d1067e0bf856e0521bb26abd84ef69a9866e17
- SHA256
  
  d19acda9e1da746d2c1f0b9b0a810a977cc7e48256de3dae9f07b9c5bf79c2e0
- SHA512
  
  b073da9ae3be8f5215659b1e1720fffa51e8599ddbdae169ef1483e892048bba9fe3d609e15af8decb317a4b9ddb4db521fba6907fb45136421b8a0bce0de0fa
- SSDEEP
  
  6144:GBlL/J6M1/BLB1X2Db0jllIf8Tu0NuYPUcb2RuMzbA0otv9vFw:EyM15Lf0sllI0Tue0kmHA3a
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/dkznkxdbox.dll
- Size
  
  47KB
- MD5
  
  0b7ad8699439ce182b38af57ce27df00
- SHA1
  
  be832ae4c9122e1daf351a6724cbefcd4e4ff710
- SHA256
  
  40e4279cf55da1330a38525edaacba9c3d7ad3b135f932475825da7eaad5c5b2
- SHA512
  
  b8b1ddb60a38c0981ba97089a902dea44ffd32fd91c6a8d6a7412680cb7fa32d3a944e9c230ab40a0a0c9cbbf181cfab3a164e84f3007d4004f9e8b2930aa6a6
- SSDEEP
  
  768:FA7tb03mZjLV1cv0x3jcZ9p0v3dKBBtCdZXETxDvRyU7JHfePun:FA7cYjLV1Y0VApm34PtqZXETxDj78e
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4