agenttesla | dd7388ec13a680a21e9c724555434c85e212b7a89096782dc43b915f675d39d2 | Triage

Submit
Reports

Overview

overview

Static

static

Trung Viet...20.exe

windows7_x64

Trung Viet...20.exe

windows10-2004_x64

Sharing

General

Target

dd7388ec13a680a21e9c724555434c85e212b7a89096782dc43b915f675d39d2
Size

536KB
Sample

220520-3pesjacbeq
MD5

d2dc932b737251a5242ddccceb1a3fe2
SHA1

f4157f1d278a2cfed597d4b67b25bb84eba32491
SHA256

dd7388ec13a680a21e9c724555434c85e212b7a89096782dc43b915f675d39d2
SHA512

20cf19fa5bf5437abcac0092a09b90c165ece768b03e476302e38ef69a4ecaf0892684806c845517aed62098ef0bf675305dae913ce29599724902ecf1ce0671

Score

10^/10

agenttesla collection keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Trung Viet - new order documents_#0020.exe

Resource

win7-20220414-en

agenttesla collection keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Trung Viet - new order documents_#0020.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.daiphatfood.com.vn
Port:
587
Username:
[email protected]
Password:
jn&6kG~_w;;A

Targets

- Target
  
  Trung Viet - new order documents_#0020.exe
- Size
  
  731KB
- MD5
  
  061f529a79ebc01dd049acbdb1bb8528
- SHA1
  
  2b0937e1dbbdc56b8e13f45f0b5cade3ca022f85
- SHA256
  
  cb037c1db10c1211bf9ae9b2bedffefffc20a3ba95295efd69f2f270c8afed30
- SHA512
  
  b0ef9f645e250603c649d5243763432dd831157bdced392b112e957142bef942320bd612ac7f7b583d478bd9ec6c186dc9e546b024ede3a64d7d9442de813231
Score

10^/10

agenttesla collection keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy