agenttesla | 3f68b22fb16c34f3e0b8f0437901b1a67ee94ad173d4d810abd91b7bf2c8d3a3 | Triage

Submit
Reports

Overview

overview

Static

static

PO# -RDPLI...50.exe

windows7_x64

PO# -RDPLI...50.exe

windows10_x64

Sharing

General

Target

PO# -RDPLI2020-03060 - PILOT# 154550.exe
Size

506KB
Sample

201109-qcd7f3ed36
MD5

9bf56e4b75bec106e43fa542d5329135
SHA1

d22427be6b476f2362463c291cd4682e6ecc5bb0
SHA256

3f68b22fb16c34f3e0b8f0437901b1a67ee94ad173d4d810abd91b7bf2c8d3a3
SHA512

22021ea13ae74b4acb1c96a48d39dca8bbc464ebad087ce978c3821175302e6580f393755043f81583fa4e51ecc8cd24aee2be7cab62efe66e175e149891af66

Score

10^/10

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO# -RDPLI2020-03060 - PILOT# 154550.exe

Resource

win7v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO# -RDPLI2020-03060 - PILOT# 154550.exe

Resource

win10v20201028

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.villanika.gr
Port:
587
Username:
info@villanika.gr
Password:
n2^-9wE@Wl}t

Targets

- Target
  
  PO# -RDPLI2020-03060 - PILOT# 154550.exe
- Size
  
  506KB
- MD5
  
  9bf56e4b75bec106e43fa542d5329135
- SHA1
  
  d22427be6b476f2362463c291cd4682e6ecc5bb0
- SHA256
  
  3f68b22fb16c34f3e0b8f0437901b1a67ee94ad173d4d810abd91b7bf2c8d3a3
- SHA512
  
  22021ea13ae74b4acb1c96a48d39dca8bbc464ebad087ce978c3821175302e6580f393755043f81583fa4e51ecc8cd24aee2be7cab62efe66e175e149891af66
Score

10^/10

agenttesla coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacoreentityevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy