agenttesla

General

Target

842f3134c83fcbdf97601cd1222e76eba74c45216a3b29d734efdb6a000e6068
Size

385KB
Sample

220521-b1tmaafhcp
MD5

cf79d96e7445e033df9bb6d4b7d993d6
SHA1

26b33572ef200925f0f5b56ce21c16c2ddf355f8
SHA256

842f3134c83fcbdf97601cd1222e76eba74c45216a3b29d734efdb6a000e6068
SHA512

09818f6e14d3fcb9ca6d9780f2096c88e4ffae6ca9e6b943e3d5a40b5ad24108cacb904f156d07c252f738778d7e2d513cce361e93ea0b70bc096a752fc2ee8c

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
%smtp%
Port:
587

Extracted

Credentials

Protocol: ftp
Host:
premium38.timeweb.ru
Port:
21
Username:
cf95552
Password:
ce40zgS4xi6r

Targets

- Target
  
  Halkbank_Ekstre_20200213_154827_701859.exe
- Size
  
  468KB
- MD5
  
  d96dd42bfca040bf5d1b39bdf86621c7
- SHA1
  
  6190b602dd823c485cbdd036d355b13c6e9995a5
- SHA256
  
  69e836f80b35f0405195f3eab755c9c0c4be8e1331693228675348b7a2660f79
- SHA512
  
  f8e1de487f62c094ecbb75c183a8d6c178e4633d38fdbb205dd9c23e1e285e6093009f847f8d06d299839a89e49bb96e221162a2c74d7523c3ac6c54fab9c877
Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2