agenttesla

General

Target

JaffaCakes118_be40f2dc727824a073cb01f5be4ca958
Size

355KB
Sample

250105-z8meyayman
MD5

be40f2dc727824a073cb01f5be4ca958
SHA1

b4760cc166064c0a0c89b5f78dcd35c7c33b80a6
SHA256

4ce416ea145d88a3d7c9a699e47f593f91efb8d22c7f818a144789ff77f42e4e
SHA512

d037aaa994fe4ca9e46f631056c7e7988cb0803378af5189846aa4f7e71eeedd421c6db339a2894984096bc25f2f5ec307ec555ced71b108609c4801f2cda97e
SSDEEP

6144:HpA2W3U141HMcxulsSPvWYLukNnqCh5mGZFnGsfDU:HpU3U1mMcxSPOxYZ53FnNfDU

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2046248941:AAG5Z0PyWwtApmPaysBm59voK10ec9Rgnaw/sendDocument

Targets

- Target
  
  olii.exe
- Size
  
  270KB
- MD5
  
  ba9d3f63058ea4041190e82e03ffd5f6
- SHA1
  
  2bd055abacc3b9ad6f7cb1fa8613c7c44fd21943
- SHA256
  
  bfb35a39b72e24ce801468a629e64b1806ae5cf8339ade1ee7f145ec4497be93
- SHA512
  
  7e2d37dd5921cda5ebff477308644b1a7f1b2586e6792f17d6f59b911dc04ed91db2569032dd9d5f3fa29e9caefb906153336052c256297354cfe73fc58b5462
- SSDEEP
  
  6144:wBlL/c5bsFKd4xN3dRWrJYoozpSbRugzPsVKiyJ:Ce5AEa6VYhpSgePQd6
Score

10^/10

agenttesla collection discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aneyji.dll
- Size
  
  19KB
- MD5
  
  f7a30cb571aa862021ff786169f72a80
- SHA1
  
  d002635afeacd67ad2e5764d4dd07e0ec5f49ae3
- SHA256
  
  3c3b81e2f3de386bb78562b8005fcc582aa83d1bd5ac99aca14bd235f401c018
- SHA512
  
  7fc63a94a72b93ff57645d3e8c92726b7f77976ed5801461bfdaf4638dd8376565dad5f6663d1e0bd064e7521230b2b9f7aae90a5733f387fa003b22b501c69e
- SSDEEP
  
  384:mjrLtiTvRxxt1BoXiaQxmCc1abG8QMqjfB4z:krLYTvR7xJxmpKG8ay
Score

10^/10

agenttesla collection discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4