agenttesla | 4a2c1f3c1df5c34f1c99c8f7cc8b18fae2c71189e6e383face3ff7fa31224f52 | Triage

Submit
Reports

Overview

overview

Static

static

opo.exe

windows7_x64

opo.exe

windows10_x64

Sharing

General

Target

opo.exe
Size

528KB
Sample

201109-g9ag1ejbxe
MD5

2d518011d53c1cbb00a23a53e259aa08
SHA1

0e846cf62a46c5e90c0d4bd62214b76c068196e1
SHA256

4a2c1f3c1df5c34f1c99c8f7cc8b18fae2c71189e6e383face3ff7fa31224f52
SHA512

853cf293a0f8972de34c88df10ee41d2e678f8ff141d73678f0758c448885be57d5facab9169ea1c4f169b978fb3b671c7416519001b7b4f263ff60ca2997a58

Score

10^/10

agenttesla snakebot coreentity evasion keylogger rezer0 snakebot spyware stealer trojan

Static task

static1

snakebot snakebot

Behavioral task

behavioral1

Sample

opo.exe

Resource

win7v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

opo.exe

Resource

win10v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.cpworldindia.com
Port:
587
Username:
parag.bapodara@ahd.cpworldindia.com
Password:
bopo@2014

Targets

- Target
  
  opo.exe
- Size
  
  528KB
- MD5
  
  2d518011d53c1cbb00a23a53e259aa08
- SHA1
  
  0e846cf62a46c5e90c0d4bd62214b76c068196e1
- SHA256
  
  4a2c1f3c1df5c34f1c99c8f7cc8b18fae2c71189e6e383face3ff7fa31224f52
- SHA512
  
  853cf293a0f8972de34c88df10ee41d2e678f8ff141d73678f0758c448885be57d5facab9169ea1c4f169b978fb3b671c7416519001b7b4f263ff60ca2997a58
Score

10^/10

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

snakebotsnakebot

behavioral1

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy