2020-11-06 - POSSIBLE AGENT TESLA (AGENTTESLA)
ASSOCIATED FILES
- 2020-11-06-IOCs-for-possible-Agent-Tesla.txt.zip 1.2 kB (1,201 bytes)
- 2020-11-06-malspam-pushing-possible-AgentTesla.eml.zip 432 kB (432,305 bytes)
- 2020-11-06-possible-Agent-Tesla-traffic.pcap.zip 664 kB (664,266 bytes)
- 2020-11-06-possible-Agent-Tesla-malware-and-artifacts.zip 1.7 MB (1,693,378 bytes)
NOTES:
- This one would not run on a VM, so I had to use a physical host.
- This looks like Agent Tesla (AgentTesla), but the format for emails exfiltrating stolen victim data looks a little different than previous Agent Tesla samples I've investigated.
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
IMAGES
Shown above: Screen shot of malspam pushing possible Agent Tesla.
Shown above: Screen shot of attached spreadsheet with macro for the malware.
Shown above: Traffic from the infection filtered in Wireshark, and the initial malware EXE saved to my infected lab host.
Shown above: Malware persistent on my infected lab host.
Click here to return to the main page.