Overview

overview

10

Static

static

6 x 40ft C...rs.exe

windows7_x64

10

6 x 40ft C...rs.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6 x 40ft Containers.exe

  • Size

    465KB

  • Sample

    201109-tx94epn2p2

  • MD5

    aed60ac814a62d82531d6bd327570320

  • SHA1

    863c5a7b2525ad3a3acd80cd9eb4a582dea5ab8f

  • SHA256

    43102baba4383d06d675a03ae51962493a841b6d15389bc82145df70fbbd47b7

  • SHA512

    a40a9aac4e5917ee75f962e2291fc96c5d384b253115194c31c06f5766fabd6b486ea76eafd562ba17c1f9ed25ca1f0e41d9fd5e9506d096396fb89c1609d1ae

Score
10/10
agentteslakeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.privateemail.com
  • Port:
    587
  • Username:
    sales01@seedwellresources.xyz
  • Password:
    coronavirus2020

Targets

    • Target

      6 x 40ft Containers.exe

    • Size

      465KB

    • MD5

      aed60ac814a62d82531d6bd327570320

    • SHA1

      863c5a7b2525ad3a3acd80cd9eb4a582dea5ab8f

    • SHA256

      43102baba4383d06d675a03ae51962493a841b6d15389bc82145df70fbbd47b7

    • SHA512

      a40a9aac4e5917ee75f962e2291fc96c5d384b253115194c31c06f5766fabd6b486ea76eafd562ba17c1f9ed25ca1f0e41d9fd5e9506d096396fb89c1609d1ae

    Score
    10/10
    agentteslakeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks