agenttesla

General

Target

708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089.zip
Size

473KB
Sample

241219-q5cxnatngs
MD5

bc9244b5d0839548445b5e8750246c51
SHA1

e7d7e926be6ff8b42a04af6bcf470a89edfc0f76
SHA256

fa132d17ffde87b425fa244806bc3dd1a6d8b9e64db6b4bf9f57671dbf9444c1
SHA512

bc86781d56cae7c47063fe999f168c5861ad4550d216d6adbea94b67f08e6d40e4362f37c539f1564bafa5d0f4824ff6731a87ef3e831a76eba4c2a6f63b0183
SSDEEP

12288:4IBlq8YFJxc5OtE24J+XW/AfyEiNbra2IL+D7HK3KB56:n3mxcrJT/0yEaraaXZ56

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.godforeu.com
Port:
587
Username:
[email protected]
Password:
O8k#Pz4sk:w_

Targets

- Target
  
  708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089.exe
- Size
  
  928KB
- MD5
  
  80b51e872031a2befeb9a0a13e6fc480
- SHA1
  
  caebbab5349f57d92182ce56ef4bf71ea60226a7
- SHA256
  
  708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089
- SHA512
  
  12e9db89be76788d238f8a7f3114534b50b953b9ef619f84b0a124fba77f5e7d4aa00ae8f6ac3fdb16ecd1398950d6bdadfa43e9ec59b6d59667df5ac3d60879
- SSDEEP
  
  12288:QieE+Q3mJyrf3iKXlrsfPO/l3Zn+aFpNUe2PPaEEaCh:QieE+5UrfvVg+Rd+afNH2PxEZh
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2