agenttesla

General

Target

708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089.zip
Size

473KB
Sample

250330-tsw2jssth1
MD5

16196d43581ba2d4716dc33b1e89e595
SHA1

a140545ad2fb3c3916d6a578a8d93fb63814029c
SHA256

33d3ebb87bfb0ee7d7fd47ce7fe41eadc54a7cb15e370ebfc7a0b5e5d41d7f49
SHA512

37b4d90a63515c8fb6867d4739b852ab6e46c8abdb33663278914bc70814e0b214b99b3f61cd41184966ae2db7452dbd3e2244a85595879f255c992bdeb35b2b
SSDEEP

12288:vgA+qb23Gz8GqBZOMdwjjDRj3Tx/leOxnCJACX94:Z+qUGnqWMap3Tx/leWa9Xi

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.godforeu.com
Port:
587
Username:
[email protected]
Password:
O8k#Pz4sk:w_

Targets

- Target
  
  708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089.exe
- Size
  
  928KB
- MD5
  
  80b51e872031a2befeb9a0a13e6fc480
- SHA1
  
  caebbab5349f57d92182ce56ef4bf71ea60226a7
- SHA256
  
  708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089
- SHA512
  
  12e9db89be76788d238f8a7f3114534b50b953b9ef619f84b0a124fba77f5e7d4aa00ae8f6ac3fdb16ecd1398950d6bdadfa43e9ec59b6d59667df5ac3d60879
- SSDEEP
  
  12288:QieE+Q3mJyrf3iKXlrsfPO/l3Zn+aFpNUe2PPaEEaCh:QieE+5UrfvVg+Rd+afNH2PxEZh
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2