agenttesla | 798fb244e7a14d63cadd3eacb43f1ea453999e3a8aecc19c369a95b4c50698c9 | Triage

Submit
Reports

Overview

overview

Static

static

SOA_JAN_MA...oc.exe

windows7_x64

SOA_JAN_MA...oc.exe

windows10_x64

Sharing

General

Target

SOA_JAN_MAY_20_doc.exe
Size

493KB
Sample

201109-lp2qd1m29j
MD5

fecd60c16e011bb46d2def8b40a97c0d
SHA1

d58d6eddb59e69570fd6415db66a59963ec0c32c
SHA256

798fb244e7a14d63cadd3eacb43f1ea453999e3a8aecc19c369a95b4c50698c9
SHA512

8f32335b96b3f7dbe5afe185cd28c4de89460b4deb1fb43b4a5153ffc0e05398005d2d82ff985d4f563d0f887c5ec031e91263d89ca0e3461173a871d42124b1

Score

10^/10

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SOA_JAN_MAY_20_doc.exe

Resource

win7v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SOA_JAN_MAY_20_doc.exe

Resource

win10v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pptoursperu.com
Port:
587
Username:
info@pptoursperu.com
Password:
mailppt2019-

Targets

- Target
  
  SOA_JAN_MAY_20_doc.exe
- Size
  
  493KB
- MD5
  
  fecd60c16e011bb46d2def8b40a97c0d
- SHA1
  
  d58d6eddb59e69570fd6415db66a59963ec0c32c
- SHA256
  
  798fb244e7a14d63cadd3eacb43f1ea453999e3a8aecc19c369a95b4c50698c9
- SHA512
  
  8f32335b96b3f7dbe5afe185cd28c4de89460b4deb1fb43b4a5153ffc0e05398005d2d82ff985d4f563d0f887c5ec031e91263d89ca0e3461173a871d42124b1
Score

10^/10

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy