agenttesla | 5a38c1770a9728871ebf9a8a4b7b9e676fe5ace9c9b4a1a5d64f8ae86044fa97 | Triage

Submit
Reports

Overview

overview

Static

static

cpGoM9vVOEuBvfH.exe

windows7_x64

cpGoM9vVOEuBvfH.exe

windows10_x64

Sharing

General

Target

cpGoM9vVOEuBvfH.exe
Size

458KB
Sample

201109-26x2e1bjbx
MD5

e620cb9ccee4b0460a3af37e72e57a9f
SHA1

c38a182b62104ec7bde609ff36a99ca2972da19b
SHA256

5a38c1770a9728871ebf9a8a4b7b9e676fe5ace9c9b4a1a5d64f8ae86044fa97
SHA512

f2f72556fedfe983451b8828a8aafce8b5a9f247466b4ed755a17d16766017623d978a4d1ed65bc657fb10fa48fc84c640d9c67d20731311740cb0defc757436

Score

10^/10

agenttesla evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

cpGoM9vVOEuBvfH.exe

Resource

win7v20201028

agenttesla evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cpGoM9vVOEuBvfH.exe

Resource

win10v20201028

agenttesla evasion keylogger rezer0 spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
v.clemens@slee-de.me
Password:
@mexicod1.,

Targets

- Target
  
  cpGoM9vVOEuBvfH.exe
- Size
  
  458KB
- MD5
  
  e620cb9ccee4b0460a3af37e72e57a9f
- SHA1
  
  c38a182b62104ec7bde609ff36a99ca2972da19b
- SHA256
  
  5a38c1770a9728871ebf9a8a4b7b9e676fe5ace9c9b4a1a5d64f8ae86044fa97
- SHA512
  
  f2f72556fedfe983451b8828a8aafce8b5a9f247466b4ed755a17d16766017623d978a4d1ed65bc657fb10fa48fc84c640d9c67d20731311740cb0defc757436
Score

10^/10

agenttesla evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- AgentTesla Payload
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy