Overview

overview

10

Static

static

RFQ-000083832.exe

windows7_x64

10

RFQ-000083832.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55d13bc0bf04dc61568e4f51c854f903bcbc04a5f330eb348b1afe66548a3e05

  • Size

    523KB

  • Sample

    220521-bt8smafeem

  • MD5

    b479fc7c5c2acfacca62669bb871a92a

  • SHA1

    887a744bc9725beb2b0ae5bb895f7f4a0ff12801

  • SHA256

    55d13bc0bf04dc61568e4f51c854f903bcbc04a5f330eb348b1afe66548a3e05

  • SHA512

    2e08f4ea004b3bfff3a1919f02058d0284d5a267de6885ba2c6fba587e613685c06e38d9f068787be9df22629688ac0258052c6cb89e8cff8db97890464a8c2a

Score
10/10
agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.pptoursperu.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    mailppt2019-

Targets

    • Target

      RFQ-000083832.exe

    • Size

      603KB

    • MD5

      3c29cde1d757b9a8d0cbed03feb6163c

    • SHA1

      60ca0da86ec5b2fb3236f1906a8d5a0513fbfb59

    • SHA256

      42af6a36e4b258c564fe1b8a495dda8e269e2c3ad4a4850bf30ec3b22a095c5f

    • SHA512

      b1529e0d494d7d82e5d99900e287db7183fee0a9c4271f537e6bc8313f4b63ab8ed533bb829df482f8bb616a1c31ab38198488c801cbc45085349fe7bd5d782f

    Score
    10/10
    agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks