agenttesla | 51558f41331f2345cd146dc9705f48e8a6fdc425e6744658ff2ea53d42d34ae6 | Triage

Submit
Reports

Overview

overview

Static

static

QUOTE 002242020.exe

windows7_x64

QUOTE 002242020.exe

windows10_x64

Sharing

General

Target

QUOTE 002242020.exe
Size

2.1MB
Sample

201109-pacw17sbr6
MD5

bdbfa33c09b950889d9fc19954f20935
SHA1

d9c6cf2322734d49a1c479ff31d044ccef2f739e
SHA256

51558f41331f2345cd146dc9705f48e8a6fdc425e6744658ff2ea53d42d34ae6
SHA512

5ab3679f6c523a4a5d73678461f5089713b06fde01d59d42e2ca728d7723af01d135eba0737bf1606f105bb0a64573807cc687b8f4ba0666f4678948f1ae6fa7

Score

10^/10

agenttesla evasion keylogger persistence rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

QUOTE 002242020.exe

Resource

win7v20201028

agenttesla evasion keylogger persistence rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QUOTE 002242020.exe

Resource

win10v20201028

agenttesla evasion keylogger persistence rezer0 spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.parshavayealborz.com
Port:
587
Username:
info@parshavayealborz.com
Password:
P@rshava123456

Targets

- Target
  
  QUOTE 002242020.exe
- Size
  
  2.1MB
- MD5
  
  bdbfa33c09b950889d9fc19954f20935
- SHA1
  
  d9c6cf2322734d49a1c479ff31d044ccef2f739e
- SHA256
  
  51558f41331f2345cd146dc9705f48e8a6fdc425e6744658ff2ea53d42d34ae6
- SHA512
  
  5ab3679f6c523a4a5d73678461f5089713b06fde01d59d42e2ca728d7723af01d135eba0737bf1606f105bb0a64573807cc687b8f4ba0666f4678948f1ae6fa7
Score

10^/10

agenttesla evasion keylogger persistence rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerpersistencerezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerpersistencerezer0spywarestealertrojan

© 2018-2024

Terms | Privacy