agenttesla | aea995774e042d4c1aba6b954eb0e771548f7edb16c4d46c8cae3dae99ce7bc1 | Triage

Submit
Reports

Overview

overview

Static

static

new order.exe

windows7_x64

new order.exe

windows10_x64

Sharing

General

Target

new order.exe
Size

580KB
Sample

201109-dfm5avre9j
MD5

84f8ac889156643db3a5fbfe7eb85cb3
SHA1

0424cd2eb37161e18087717362c2de57dfc91896
SHA256

aea995774e042d4c1aba6b954eb0e771548f7edb16c4d46c8cae3dae99ce7bc1
SHA512

760aa5689b1092519f9dbfcb2c25672d885fc4eb0e7ae4c384a97d6c1f9d358ef3ad710c6ff0f774fdfe66ec1e1c4b24eb390a86b63f6e085cb95b8730750bd6

Score

10^/10

agenttesla nanocore evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

new order.exe

Resource

win7v20201028

agenttesla evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

new order.exe

Resource

win10v20201028

agenttesla nanocore evasion keylogger rezer0 spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rajapindah.com
Port:
587
Username:
rizky@rajapindah.com
Password:
#r4j#citeureup#13

Targets

- Target
  
  new order.exe
- Size
  
  580KB
- MD5
  
  84f8ac889156643db3a5fbfe7eb85cb3
- SHA1
  
  0424cd2eb37161e18087717362c2de57dfc91896
- SHA256
  
  aea995774e042d4c1aba6b954eb0e771548f7edb16c4d46c8cae3dae99ce7bc1
- SHA512
  
  760aa5689b1092519f9dbfcb2c25672d885fc4eb0e7ae4c384a97d6c1f9d358ef3ad710c6ff0f774fdfe66ec1e1c4b24eb390a86b63f6e085cb95b8730750bd6
Score

10^/10

agenttesla evasion keylogger rezer0 spyware stealer trojan nanocore
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- AgentTesla Payload
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslananocoreevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy