agenttesla | 5f2d4ef9bf4aac8ea133268815414aca14083f0bec52de35d151f2eefbb309c2 | Triage

Submit
Reports

Overview

overview

Static

static

PO-1105902...df.exe

windows7_x64

PO-1105902...df.exe

windows10-2004_x64

Sharing

General

Target

5f2d4ef9bf4aac8ea133268815414aca14083f0bec52de35d151f2eefbb309c2
Size

576KB
Sample

220521-btt98scea8
MD5

d24d04ba28c1cf07ae2d562f5929373a
SHA1

4d19dd2779c62f1624691adeb424b9884f791bbd
SHA256

5f2d4ef9bf4aac8ea133268815414aca14083f0bec52de35d151f2eefbb309c2
SHA512

05e2b6167aee69e89b4a697d536f3434e4d9e53c5ab824da1ffae655af0569b080aa83415078428a6129b20b5095a3959a9975ff5f8864e68f3b2ac934e8b09b

Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO-11059021022021.......pdf.exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO-11059021022021.......pdf.exe

Resource

win10v2004-20220414-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dianaglobalmandiri.com
Port:
587
Username:
[email protected]
Password:
Batam2019

Targets

- Target
  
  PO-11059021022021.......pdf.exe
- Size
  
  720KB
- MD5
  
  3e5c33f7b75d087ef1e5ff8fe7585f1a
- SHA1
  
  d2592e11aff5472be101384583ecad21b1384151
- SHA256
  
  f37fbb193f6ba57d318e7f5333fa7870282de9b3322e024c65d89977d2ec594c
- SHA512
  
  ded2f0a038ef57ed94431b0e30207e2f533284077076c2969ef3cfe4b929827b439f52c6236e8b370c4ed45e318b930bb57143d2148d4af5d8f401a8bf90e0f0
Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy