agenttesla | d45a2fb13815708120941d7dbd7b221188247c0c25d5bd421ef574dd8ed592ad | Triage

Submit
Reports

Overview

overview

Static

static

duk.exe

windows7_x64

duk.exe

windows10-2004_x64

Sharing

General

Target

d45a2fb13815708120941d7dbd7b221188247c0c25d5bd421ef574dd8ed592ad
Size

577KB
Sample

220521-bngrysfbfr
MD5

2947ffc71628bd3b180b1fd3619e595f
SHA1

c82de94bf4e69fb953c995cf4ad27b6d3e9f3208
SHA256

d45a2fb13815708120941d7dbd7b221188247c0c25d5bd421ef574dd8ed592ad
SHA512

12d8d9266837a85df8438b31dfb8bc9f8f1e905fa8e45b008712edd746604d9c50f76ab65e373fbe71e9c26241c64746997b44d9d957fa238890da75192cb9da

Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

duk.exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

duk.exe

Resource

win10v2004-20220414-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hotel71.com.bd
Port:
587
Username:
[email protected]
Password:
9+^va&phP1v9

Targets

- Target
  
  duk.exe
- Size
  
  721KB
- MD5
  
  214d7bb44c3bfa9d424c36de11df39e8
- SHA1
  
  020ee2d28edbf2e1df9cf0ba6e1b04c50f3675d4
- SHA256
  
  e30672336261f66449f9e3e1f7e4fd6ba381e6046cdb5c9ba0088c576aca5176
- SHA512
  
  4ecb3353dd94416113c4fe68b8c5ed1f62a9a4cdae5fb6c0bf4095fc33e646903291ff15c1216d571ec1b2cf276c8f75f77742d361ac703b1fc27fe770a71d82
Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy