Overview

overview

10

Static

static

RFQ_ITT 04...df.exe

windows7_x64

10

RFQ_ITT 04...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ_ITT 04-05-2020.pdf.exe

  • Size

    371KB

  • Sample

    201109-htnpbtexkj

  • MD5

    4138aed97250648065f7f78aafdcb962

  • SHA1

    5d31618b65831a0e696e69184f3a71e8f23db7a8

  • SHA256

    facf028923bb080f70fa54f8c547679651df7d1dbb618cdeda7b16f8fb0f4005

  • SHA512

    e4f961d9810f3312d9501ba566552dede980330f153f9c3be905b7899474b13e7eb2df00cb73e1f3451c276107afd58ebb4facf983018e3a2d9d524e071e8d58

Score
10/10
agentteslakeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.apipharrnatech.com
  • Port:
    587
  • Username:
    ard@apipharrnatech.com
  • Password:
    BlFM)d_p2D{K

Targets

    • Target

      RFQ_ITT 04-05-2020.pdf.exe

    • Size

      371KB

    • MD5

      4138aed97250648065f7f78aafdcb962

    • SHA1

      5d31618b65831a0e696e69184f3a71e8f23db7a8

    • SHA256

      facf028923bb080f70fa54f8c547679651df7d1dbb618cdeda7b16f8fb0f4005

    • SHA512

      e4f961d9810f3312d9501ba566552dede980330f153f9c3be905b7899474b13e7eb2df00cb73e1f3451c276107afd58ebb4facf983018e3a2d9d524e071e8d58

    Score
    10/10
    agentteslakeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks