agenttesla | bbfd3959ef22e9fa18ed11cbc9b8f31ac36e86f0d055d2c57b81ee19f9c54175 | Triage

Submit
Reports

Overview

overview

Static

static

duk (3).exe

windows7_x64

duk (3).exe

windows10_x64

Sharing

General

Target

duk (3).exe
Size

511KB
Sample

201109-bdp228aft2
MD5

04b191c4242a98c5b14ed1de9c61ef8c
SHA1

4c4fafb67933eb18100acdc76128f42dc9a9525f
SHA256

bbfd3959ef22e9fa18ed11cbc9b8f31ac36e86f0d055d2c57b81ee19f9c54175
SHA512

c613ece1002132dfacf60eb41a0d1910e3e3c314db9b53f13b9e9eb34c4db9553538f3fc12f22c3ddf5ca705a53f64517783b292c240c20ec0d002a8e202144b

Score

10^/10

agenttesla nanocore snakebot coreentity evasion keylogger rezer0 snakebot spyware stealer trojan

Static task

static1

snakebot snakebot

Behavioral task

behavioral1

Sample

duk (3).exe

Resource

win7v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

duk (3).exe

Resource

win10v20201028

agenttesla nanocore coreentity evasion keylogger rezer0 spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hotel71.com.bd
Port:
587
Username:
chat@hotel71.com.bd
Password:
9+^va&phP1v9

Targets

- Target
  
  duk (3).exe
- Size
  
  511KB
- MD5
  
  04b191c4242a98c5b14ed1de9c61ef8c
- SHA1
  
  4c4fafb67933eb18100acdc76128f42dc9a9525f
- SHA256
  
  bbfd3959ef22e9fa18ed11cbc9b8f31ac36e86f0d055d2c57b81ee19f9c54175
- SHA512
  
  c613ece1002132dfacf60eb41a0d1910e3e3c314db9b53f13b9e9eb34c4db9553538f3fc12f22c3ddf5ca705a53f64517783b292c240c20ec0d002a8e202144b
Score

10^/10

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan nanocore
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- AgentTesla Payload
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

snakebotsnakebot

behavioral1

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslananocorecoreentityevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy