agenttesla | 2f64d8f877ff01d8d60aa6b8b9b7a363b368f66d8a035af2189108fb2d7176ab | Triage

Submit
Reports

Overview

overview

Static

static

?gnp.LB025072OP.exe

windows7_x64

?gnp.LB025072OP.exe

windows10-2004_x64

Sharing

General

Target

2f64d8f877ff01d8d60aa6b8b9b7a363b368f66d8a035af2189108fb2d7176ab
Size

430KB
Sample

220521-bw2gbscfa6
MD5

350c470b7a1842e4c74d98e8f55184b4
SHA1

949c7710cf7fc6c201d0a906db4edfee4a322ab8
SHA256

2f64d8f877ff01d8d60aa6b8b9b7a363b368f66d8a035af2189108fb2d7176ab
SHA512

a06d6794ccbf83b45172ae17a2c8ac513fdd75689eba61612c746651df856547ecf39fde6c3910bcc0273c6606bd8627d0ce385500c8efc2473739953206fdbd

Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

?gnp.LB025072OP.exe

Resource

win7-20220414-en

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

?gnp.LB025072OP.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.winhalltech.com
Port:
587
Username:
[email protected]
Password:
Hafizzul*010218

Targets

- Target
  
  ?gnp.LB025072OP.exe
- Size
  
  531KB
- MD5
  
  e5378bc95a287b6aa4e858d850a49e05
- SHA1
  
  4649a2f12d7cf68268591d9c4a6aa7e47d8d465f
- SHA256
  
  4809230caa014763badc67dc546c2facfe4ad68787275c02e87329a28e66fcf8
- SHA512
  
  ae61c4925b39dbeece4c37dca544d1ca85daab0c677f4877948fb6eb7e9384ce5315ffd407518d61aa52ad8dfd363e186f5791f6a84818b6b87631b40baeb943
Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy