Overview

overview

10

Static

static

TT Slip.exe

windows7_x64

10

TT Slip.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TT Slip.exe

  • Size

    616KB

  • Sample

    201109-a94nyg6s4a

  • MD5

    7974c6ca97b8f4f163e0ab140701396a

  • SHA1

    720a76ac44ae776723d9a35b608209428a6611a5

  • SHA256

    8e637504c692c93f7cf0286af90f331cd2bb7961adf8bd9f2ec2f7e84db7adf7

  • SHA512

    c56e3947151fb3df44902f0966c348e48172a80b0951bc64481d20a8e4e55db21acc64d336758c9a113e158b6f3c31772e84b44a9447dfa0de30ad01cf00d8db

Score
10/10
agentteslaevasionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.dianaglobalmandiri.com
  • Port:
    587
  • Username:
    info@dianaglobalmandiri.com
  • Password:
    Batam2019

Targets

    • Target

      TT Slip.exe

    • Size

      616KB

    • MD5

      7974c6ca97b8f4f163e0ab140701396a

    • SHA1

      720a76ac44ae776723d9a35b608209428a6611a5

    • SHA256

      8e637504c692c93f7cf0286af90f331cd2bb7961adf8bd9f2ec2f7e84db7adf7

    • SHA512

      c56e3947151fb3df44902f0966c348e48172a80b0951bc64481d20a8e4e55db21acc64d336758c9a113e158b6f3c31772e84b44a9447dfa0de30ad01cf00d8db

    Score
    10/10
    agentteslaevasionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks