agenttesla

General

Target

JaffaCakes118_eb10234a0a4f57d5b23d17eb663e0a85
Size

346KB
Sample

250110-w4y2dsskb1
MD5

eb10234a0a4f57d5b23d17eb663e0a85
SHA1

1dcfa0eaeff6d2891d5708c0598a8a4ee64b3a0a
SHA256

b6ed29e0da8d78835a66a6c4560548e37ae59ab79451429c6d818f8cc43173bd
SHA512

446d1c18b760dac482ca4fcc6ed0f65d34c9267625c1d7d49077116d8c8ddfdb0a60789692f68e18dd7c2996c11cba734c8ead065ea29b9612dcc937845a1547
SSDEEP

6144:GBlL/geA6j5Foj0lDDURNQEOYqzk350rzDjd6wZmX/o3u96C5Z:EieA6j5ij0lDANQSKrPKXg+96SZ

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1803146213:AAHYyCRx7FggQ9LfPbrIs79ZUWCEc9wNnDo/sendDocument

Targets

- Target
  
  JaffaCakes118_eb10234a0a4f57d5b23d17eb663e0a85
- Size
  
  346KB
- MD5
  
  eb10234a0a4f57d5b23d17eb663e0a85
- SHA1
  
  1dcfa0eaeff6d2891d5708c0598a8a4ee64b3a0a
- SHA256
  
  b6ed29e0da8d78835a66a6c4560548e37ae59ab79451429c6d818f8cc43173bd
- SHA512
  
  446d1c18b760dac482ca4fcc6ed0f65d34c9267625c1d7d49077116d8c8ddfdb0a60789692f68e18dd7c2996c11cba734c8ead065ea29b9612dcc937845a1547
- SSDEEP
  
  6144:GBlL/geA6j5Foj0lDDURNQEOYqzk350rzDjd6wZmX/o3u96C5Z:EieA6j5ij0lDANQSKrPKXg+96SZ
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/pvrgshwm.dll
- Size
  
  47KB
- MD5
  
  1faaa3ee0a67c6f5162963e363e8faf0
- SHA1
  
  82c8977e56a1ea9c25ac415defcfb035fa4d0085
- SHA256
  
  c340dc49b7d2339617ad4d76e3b4ec0483f294068fd1f26382e3833eea085792
- SHA512
  
  2714fc63ca8244a0940713b2fa593ff6ee8d1e66987a10506304fd3a45cf90a7ea39139a17c2389617f7c607f9d72251ad3bdc8e72b7b1f13f979abec596da1c
- SSDEEP
  
  768:C47djVQ3OZLTV18v01/LcxdR0vndKBJlp1T0b7x13ONIzE:C47/2QLTV140RARmn4nljTYx1+NiE
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4