Overview

overview

10

Static

static

10

PO000170.exe

windows7_x64

10

PO000170.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO000170.exe

  • Size

    509KB

  • Sample

    201109-78w5sc8n9x

  • MD5

    080cfd17bd94ff40a8813cd7c8d03b67

  • SHA1

    4a100e472fce2d52d58d153cd0ac4a82c6b79e7b

  • SHA256

    cd301ca1c374c26aca9bf5381a3b491ae384f06868617c6c16b563213854d159

  • SHA512

    7a7635ed2c14644a813c1d2a60cad09bb6d4c728cc2d3bdfd75f9e13ce4b8b044482b4eb20f942bc95144c48ae286ae5295003563bdb17296a8f3e9b16c0d3c0

Score
10/10
agentteslananocoresnakebotcoreentityevasionkeyloggerrezer0snakebotspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.tolipgoldenplaza.com
  • Port:
    587
  • Username:
    dir.fb@tolipgoldenplaza.com
  • Password:
    Golden@#$2019

Targets

    • Target

      PO000170.exe

    • Size

      509KB

    • MD5

      080cfd17bd94ff40a8813cd7c8d03b67

    • SHA1

      4a100e472fce2d52d58d153cd0ac4a82c6b79e7b

    • SHA256

      cd301ca1c374c26aca9bf5381a3b491ae384f06868617c6c16b563213854d159

    • SHA512

      7a7635ed2c14644a813c1d2a60cad09bb6d4c728cc2d3bdfd75f9e13ce4b8b044482b4eb20f942bc95144c48ae286ae5295003563bdb17296a8f3e9b16c0d3c0

    Score
    10/10
    agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojannanocore

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • AgentTesla Payload

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks