Overview

overview

10

Static

static

PO-11059021022021.exe

windows7_x64

10

PO-11059021022021.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7ad70dc95ae7e7d446a069e1d76157370c462c1fe84892c7ca08c13da517bebc

  • Size

    366KB

  • Sample

    220521-b1w3eacgh2

  • MD5

    83b1d28fd15723f3ab1299bbfe148eb6

  • SHA1

    226f49cbe0c6d3828b425ab010fea23282aa1d0d

  • SHA256

    7ad70dc95ae7e7d446a069e1d76157370c462c1fe84892c7ca08c13da517bebc

  • SHA512

    9e7c95f762b7575d4bef31c978807d637b12dd8408ef0cef08f45a33b6847187b71c783394e2122d0b1cb2c27b06ed1a65fdd98c534792fd2b0462811059f023

Score
10/10
agentteslacollectionkeyloggerpersistencerezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.standard-engg.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Standard123#@!

Targets

    • Target

      PO-11059021022021.exe

    • Size

      406KB

    • MD5

      c14e2f7c8e8cc81b9dca88b81369b5aa

    • SHA1

      845056cffbc74ef74ae18f1535819c1fd1eaefbf

    • SHA256

      329def7ed2b3e21852c057f9db14aa69756635b6be94de40b19b95bd10e1d71d

    • SHA512

      fe928fb529c1c0899a1d9f37ec8c5b7dce2341639f79d1d2a3a8aa0ab503012ff0a62900ebcf7a4dc9d05382716c9747a93ea1424bcabc9173f39a418435ffde

    Score
    10/10
    agentteslacollectionkeyloggerpersistencerezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks