agenttesla | 307f4eec8d8a90ea37f0eeffdebc7e5c997dbcecaee6b5e86ea8e06b0bea792e | Triage

Sharing

General

Target

307f4eec8d8a90ea37f0eeffdebc7e5c997dbcecaee6b5e86ea8e06b0bea792e
Size

262KB
Sample

241227-bjh48axmgs
MD5

0ec2fb4b97332149d5e34e7ec209b9af
SHA1

a5d3aef57716ac4c8fe4e5925c196eb277fed3f0
SHA256

307f4eec8d8a90ea37f0eeffdebc7e5c997dbcecaee6b5e86ea8e06b0bea792e
SHA512

d01530eb04356b4be790ea0980d541a7f177992c31e6e87156c9a94b70579f51ba7ebe74cb8aa0edb413a4bb9f61a45ce322b7a0aede38fbf90f938f7ab59ea9
SSDEEP

6144:he0jpV/9dUcwSyZrCjpUAYYYNZTSwUZ+bIUJpGlEjqZ4FPdjBLk:he0jb/9dU3SyZrCjpPYYYrTHUZgjjB

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
zqamcx.com
Port:
587
Username:
bangbang1@zqamcx.com
Password:
Anambraeast@2023
Email To:
bangbang@zqamcx.com

Extracted

Credentials

Protocol: smtp
Host:
zqamcx.com
Port:
587
Username:
bangbang1@zqamcx.com
Password:
Anambraeast@2023

Targets

- Target
  
  307f4eec8d8a90ea37f0eeffdebc7e5c997dbcecaee6b5e86ea8e06b0bea792e
- Size
  
  262KB
- MD5
  
  0ec2fb4b97332149d5e34e7ec209b9af
- SHA1
  
  a5d3aef57716ac4c8fe4e5925c196eb277fed3f0
- SHA256
  
  307f4eec8d8a90ea37f0eeffdebc7e5c997dbcecaee6b5e86ea8e06b0bea792e
- SHA512
  
  d01530eb04356b4be790ea0980d541a7f177992c31e6e87156c9a94b70579f51ba7ebe74cb8aa0edb413a4bb9f61a45ce322b7a0aede38fbf90f938f7ab59ea9
- SSDEEP
  
  6144:he0jpV/9dUcwSyZrCjpUAYYYNZTSwUZ+bIUJpGlEjqZ4FPdjBLk:he0jb/9dU3SyZrCjpPYYYrTHUZgjjB
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan