agenttesla

General

Target

708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089.zip
Size

473KB
Sample

250113-yl3mzayjap
MD5

deb2e57a36b3c5577c2914fd240190e8
SHA1

b426046efa370f15f53cfbddf8934a372a6c4b0a
SHA256

8105f4123c1a0f773ae441e79d2c983372b2a3c649cff9dfcb55aa55676fb7b9
SHA512

83a72a037ebe381f5fb2a95a74311dd682217a63745134c6333186263fb82f254fba93fb850a5c8ff36690ad62d70a95adffa91676fb0c4418264cbe3b78382e
SSDEEP

12288:Zc92EAeTQAHaT1RM9eZzoL877uFkJMg4KUQHsXTrAYYfGcdad:O2cQAHa5O3L8XGL7oMXTlvcdu

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.godforeu.com
Port:
587
Username:
[email protected]
Password:
O8k#Pz4sk:w_

Targets

- Target
  
  708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089.exe
- Size
  
  928KB
- MD5
  
  80b51e872031a2befeb9a0a13e6fc480
- SHA1
  
  caebbab5349f57d92182ce56ef4bf71ea60226a7
- SHA256
  
  708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089
- SHA512
  
  12e9db89be76788d238f8a7f3114534b50b953b9ef619f84b0a124fba77f5e7d4aa00ae8f6ac3fdb16ecd1398950d6bdadfa43e9ec59b6d59667df5ac3d60879
- SSDEEP
  
  12288:QieE+Q3mJyrf3iKXlrsfPO/l3Zn+aFpNUe2PPaEEaCh:QieE+5UrfvVg+Rd+afNH2PxEZh
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2