agenttesla | 6f7a21f174b891758b93e5213ed1c59e7028a5bc81e904092bdde053a5068be9 | Triage

Submit
Reports

Overview

overview

Static

static

731104 A- ...rm.exe

windows7_x64

731104 A- ...rm.exe

windows10-2004_x64

Sharing

General

Target

6f7a21f174b891758b93e5213ed1c59e7028a5bc81e904092bdde053a5068be9
Size

488KB
Sample

220521-amzeyadden
MD5

d2800dfa1867764f7cdd5af08a9507f7
SHA1

b7040d72d6ce0098029bed15da9267f7f1931907
SHA256

6f7a21f174b891758b93e5213ed1c59e7028a5bc81e904092bdde053a5068be9
SHA512

971c39d8f44a7a5a3dc3b0d998215c3d755ac11ddd0733a67ab7d1ccc7852b39bcadf4a1355346d8ab35c225cb83a4f8946dd7f590bc67d1aa17363d06e674e3

Score

10^/10

agenttesla collection keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

731104 A- Billing form.exe

Resource

win7-20220414-en

agenttesla collection keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

731104 A- Billing form.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.radiomeff.mk
Port:
587
Username:
[email protected]
Password:
qazwsx@11

Extracted

Credentials

Protocol: smtp
Host:
mail.radiomeff.mk
Port:
587
Username:
[email protected]
Password:
qazwsx@11

Targets

- Target
  
  731104 A- Billing form.exe
- Size
  
  816KB
- MD5
  
  6e19e0712ae1e6d81d941842325a7ed9
- SHA1
  
  88cf0f0b24cae2ed9827193bc160b6b18fb6e816
- SHA256
  
  14eba8c7f68656e758892f4e97c02ea85f38b14fa36145d3aca2c5bfa91e712f
- SHA512
  
  7c9ed9074981feeff5fb3762ac769f011dfaff353f0e3a800804ddf42affdfe2336c97817f64d1e83969e88f4147b82e9c675bd336356c874c762a27d4bf3bb4
Score

10^/10

agenttesla collection keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy