agenttesla | a4d3085a47bf0da4fa557e18de19bada74667d0eaa3dca959990b96215bb25cc | Triage

Submit
Reports

Overview

overview

Static

static

new purcha...ar.exe

windows7_x64

new purcha...ar.exe

windows10_x64

Sharing

General

Target

new purchase order.rar.exe
Size

523KB
Sample

201109-5bejbj3myx
MD5

e50b58922768f36a719aa5e91c086c06
SHA1

f2216e02ce43d07bc6bc8b7fb01461f1d9d1aa91
SHA256

a4d3085a47bf0da4fa557e18de19bada74667d0eaa3dca959990b96215bb25cc
SHA512

ba6be2906587a73203196853952878e017e99ad94edec3195a368edd99f9fb0c2ae3218b84bd943a57f0cdbbd340043c0858b9e050f330dbacdf26b45f32d078

Score

10^/10

agenttesla nanocore snakebot coreentity evasion keylogger rezer0 snakebot spyware stealer trojan

Static task

static1

snakebot snakebot

Behavioral task

behavioral1

Sample

new purchase order.rar.exe

Resource

win7v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

new purchase order.rar.exe

Resource

win10v20201028

agenttesla nanocore coreentity evasion keylogger rezer0 spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.villanika.gr
Port:
587
Username:
info@villanika.gr
Password:
n2^-9wE@Wl}t

Targets

- Target
  
  new purchase order.rar.exe
- Size
  
  523KB
- MD5
  
  e50b58922768f36a719aa5e91c086c06
- SHA1
  
  f2216e02ce43d07bc6bc8b7fb01461f1d9d1aa91
- SHA256
  
  a4d3085a47bf0da4fa557e18de19bada74667d0eaa3dca959990b96215bb25cc
- SHA512
  
  ba6be2906587a73203196853952878e017e99ad94edec3195a368edd99f9fb0c2ae3218b84bd943a57f0cdbbd340043c0858b9e050f330dbacdf26b45f32d078
Score

10^/10

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan nanocore
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- AgentTesla Payload
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

snakebotsnakebot

behavioral1

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslananocorecoreentityevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy