General

  • Target

    85759a08474216312dcb74e132817fe353f20631c854e3ccd95c97036590e7e1

  • Size

    495KB

  • Sample

    220520-2xks3sgbe7

  • MD5

    93c1c1f2ac36958f6f96f3107e94a5d4

  • SHA1

    86fc690a631eb604d3da1170143e115b680b8cd4

  • SHA256

    85759a08474216312dcb74e132817fe353f20631c854e3ccd95c97036590e7e1

  • SHA512

    9f0f32c7454b2a7613e6a769774305bdcada3743658b1a78a8c1bc4e16b403e32598f09683f800aa2ce8e54d1a4f3218b510f0fa45bca9f2d2006ae8f987c9b8

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.proetizo.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    :n7#l_CcH8wh

Targets

    • Target

      NEW INVOICE.exe

    • Size

      561KB

    • MD5

      55b95046471af229ee99c420a9305466

    • SHA1

      5722d102e4010564f2428ed878c58a8a6a865e45

    • SHA256

      f63a89559c83329e8ea8f79ad5cbd03d3ae2f5a71312f26feecc132379c14eab

    • SHA512

      8eddf9d88a340fc70201fc6c2dd4b9ac9cf4523e0de24404ed2fe7ca98a832d4a30786ce82234829a2ef93d85ac83547829660cb121b0a19a7ca26af6dba9e69

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Discovery             Query Registry                1      T1012
  Discovery             System Information Discovery  2      T1082
  Collection            Email Collection              1      T1114

Tasks