Overview

overview

10

Static

static

RFQ-000083832.exe

windows7_x64

10

RFQ-000083832.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ-000083832.exe

  • Size

    603KB

  • Sample

    201109-ks6q4r6npe

  • MD5

    3c29cde1d757b9a8d0cbed03feb6163c

  • SHA1

    60ca0da86ec5b2fb3236f1906a8d5a0513fbfb59

  • SHA256

    42af6a36e4b258c564fe1b8a495dda8e269e2c3ad4a4850bf30ec3b22a095c5f

  • SHA512

    b1529e0d494d7d82e5d99900e287db7183fee0a9c4271f537e6bc8313f4b63ab8ed533bb829df482f8bb616a1c31ab38198488c801cbc45085349fe7bd5d782f

Score
10/10
agentteslaevasionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.pptoursperu.com
  • Port:
    587
  • Username:
    info@pptoursperu.com
  • Password:
    mailppt2019-

Targets

    • Target

      RFQ-000083832.exe

    • Size

      603KB

    • MD5

      3c29cde1d757b9a8d0cbed03feb6163c

    • SHA1

      60ca0da86ec5b2fb3236f1906a8d5a0513fbfb59

    • SHA256

      42af6a36e4b258c564fe1b8a495dda8e269e2c3ad4a4850bf30ec3b22a095c5f

    • SHA512

      b1529e0d494d7d82e5d99900e287db7183fee0a9c4271f537e6bc8313f4b63ab8ed533bb829df482f8bb616a1c31ab38198488c801cbc45085349fe7bd5d782f

    Score
    10/10
    agentteslaevasionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks