agenttesla | a0bcf0a699bad123a8dade06067df4838fcebf088de8a991b8671e57fcb0ee94 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ_ITT 30...df.exe

windows7_x64

RFQ_ITT 30...df.exe

windows10-2004_x64

Sharing

General

Target

a0bcf0a699bad123a8dade06067df4838fcebf088de8a991b8671e57fcb0ee94
Size

324KB
Sample

220521-blfrwafafr
MD5

9719b80c133b0824d0377c973190e637
SHA1

ddf40df249dfba3ef0cecff15e92d8c6b78032ac
SHA256

a0bcf0a699bad123a8dade06067df4838fcebf088de8a991b8671e57fcb0ee94
SHA512

17f11b2cb472cd8d704413ef0b3eda56c24755826d489598cdfd9d4d1fbd4149cb2f688c1395783154f145fce1555f2601d65c1cb8b5e2a274d575429f08234c

Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ_ITT 30-2020.pdf.exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ_ITT 30-2020.pdf.exe

Resource

win10v2004-20220414-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.apipharrnatech.com
Port:
587
Username:
[email protected]
Password:
BlFM)d_p2D{K

Targets

- Target
  
  RFQ_ITT 30-2020.pdf.exe
- Size
  
  365KB
- MD5
  
  2857e40a8d328c591b1ce60a864af646
- SHA1
  
  f41405988bf66bbf5c60a4c735fcf2d9949fae2a
- SHA256
  
  18ee411e31ac1f4e3bcd2d811b147853bf2977645c631809acc75b7639e7292c
- SHA512
  
  e2de483b24c09c6c42f315992401852cf3d8439ed8ae2c1860e25116e4e00b7a5c9b4849a6d8714833b79b2b1cead465e3a67552f99ac3c4d28025cc093d94a8
Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy