agenttesla

General

Target

f0815e3a862e22963efd7e5f0f8bdda72cbb13a874dfeca3011d819342a83f35
Size

338KB
Sample

241124-bqf87sspem
MD5

781968940e3788a419f1db320472796b
SHA1

8949d32f1858d7f4a79181e6be535909ba67e1de
SHA256

f0815e3a862e22963efd7e5f0f8bdda72cbb13a874dfeca3011d819342a83f35
SHA512

bfbf5df9cc2c0b83eb791049584372d157843f3c2b758d5e4f143bb562bd0cfbcc43b364650d6652abe19688709751db408d64d266de239e16db40da8fcd0eeb
SSDEEP

6144:GBlL/4n4Q8MVKa1l3gTt0elaeTRz6WIPvryDI9cmd4baqo4MyWCy:EKr9yx0ITt6JmDRy4ba6WCy

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1948592798:AAEPqwEad_OoXqml68rtg1qHOajQ46ljm48/sendDocument

Targets

- Target
  
  f0815e3a862e22963efd7e5f0f8bdda72cbb13a874dfeca3011d819342a83f35
- Size
  
  338KB
- MD5
  
  781968940e3788a419f1db320472796b
- SHA1
  
  8949d32f1858d7f4a79181e6be535909ba67e1de
- SHA256
  
  f0815e3a862e22963efd7e5f0f8bdda72cbb13a874dfeca3011d819342a83f35
- SHA512
  
  bfbf5df9cc2c0b83eb791049584372d157843f3c2b758d5e4f143bb562bd0cfbcc43b364650d6652abe19688709751db408d64d266de239e16db40da8fcd0eeb
- SSDEEP
  
  6144:GBlL/4n4Q8MVKa1l3gTt0elaeTRz6WIPvryDI9cmd4baqo4MyWCy:EKr9yx0ITt6JmDRy4ba6WCy
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/upspw.dll
- Size
  
  20KB
- MD5
  
  0f91acfbdd02bae9c793e8e8a4b70c95
- SHA1
  
  78e61c3a75786e9667f299d99509b0d10e1860fc
- SHA256
  
  cae5f924fa04faa67dd7033706ee6af0e045c91b2e2d10c03cd45182a9b3da31
- SHA512
  
  f9ae967537378efb79b9d43e9b987903137d5f0643bb39379284e68d51028ac8c4cf6652bf8019f6de77834095c127b6281a84a4f98e574d889197fec582b479
- SSDEEP
  
  384:PkNXKtjQfcNzoFqacGdJ+flViKEtKGmk33:PkNXKtu3D0flkK+H
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4