agenttesla | dccf76439fbd7e0afbaf8b56edda49b8a842c4b9447a9ebcf71874a622abe2c8 | Triage

Submit
Reports

Overview

overview

Static

static

SOA_JAN_MA...oc.exe

windows7_x64

SOA_JAN_MA...oc.exe

windows10_x64

Sharing

General

Target

SOA_JAN_MAY_20_doc.exe
Size

500KB
Sample

201109-ffxva4yn2a
MD5

2e1a3f171e9adfb0cbd28a59a72409e3
SHA1

5a2b23a48bc746f333663baffbe9b8e166a72008
SHA256

dccf76439fbd7e0afbaf8b56edda49b8a842c4b9447a9ebcf71874a622abe2c8
SHA512

91da04f3ff9f893e1d4fe7f1475ab525d5b75bc021d3d6ce746b94988ae246a0970d6841be1b6fe8f7c4cd79bc6215d10547c4b02158630a2f8c6a1412a1a057

Score

10^/10

agenttesla snakebot coreentity evasion keylogger rezer0 snakebot spyware stealer trojan

Static task

static1

snakebot snakebot

Behavioral task

behavioral1

Sample

SOA_JAN_MAY_20_doc.exe

Resource

win7v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SOA_JAN_MAY_20_doc.exe

Resource

win10v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pptoursperu.com
Port:
587
Username:
info@pptoursperu.com
Password:
mailppt2019-

Targets

- Target
  
  SOA_JAN_MAY_20_doc.exe
- Size
  
  500KB
- MD5
  
  2e1a3f171e9adfb0cbd28a59a72409e3
- SHA1
  
  5a2b23a48bc746f333663baffbe9b8e166a72008
- SHA256
  
  dccf76439fbd7e0afbaf8b56edda49b8a842c4b9447a9ebcf71874a622abe2c8
- SHA512
  
  91da04f3ff9f893e1d4fe7f1475ab525d5b75bc021d3d6ce746b94988ae246a0970d6841be1b6fe8f7c4cd79bc6215d10547c4b02158630a2f8c6a1412a1a057
Score

10^/10

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

snakebotsnakebot

behavioral1

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy