agenttesla

General

Target

7d21ce5280d075c160a1c4688ea3f3a1b9c0ab23bf551a6f457b3d04f7f8c5f0
Size

420KB
Sample

220521-bsjr4sfdgp
MD5

f02806d6a654cc8963f9e2a0ce5b52d3
SHA1

f8c015654ea8dfa1063b87b190703d24cdb98b12
SHA256

7d21ce5280d075c160a1c4688ea3f3a1b9c0ab23bf551a6f457b3d04f7f8c5f0
SHA512

52646857d2bdb11968706783c54c69f2a9ee1fad3f6bed6e1af690921994e7989720a6a884b898568f833159f01e91d029c08e71b16d85670c3e11a22cd0b6d3

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pptoursperu.com
Port:
587
Username:
[email protected]
Password:
mailppt2019-

Targets

- Target
  
  PURCHASE ORDER KALI-1374W.exe
- Size
  
  492KB
- MD5
  
  8d51581d38bf6d814eeb107d8bb7056c
- SHA1
  
  cf22a586b7a298ab0032b20695902d43673d9c17
- SHA256
  
  1ab6018047531cee5f411099f396fb8fcdf2c8c20062e9c33118726265ccd5fb
- SHA512
  
  54588360eda1bd70c2b8da73297676d9bcbb6db0c56c49fa442308b7fdb1b2429586d9c7db5ccdcd23afc2d39fd5d2e40382faebbbe738ebdf363f13cd1cd563
Score

10^/10

agenttesla collection coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

AgentTesla Payload

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2