agenttesla | 24ebd06b07f1c9a22aaa2212d7a883ac692f0581f85ae3ec5617856ddb1d280a | Triage

Submit
Reports

Overview

overview

Static

static

SRUYM9J4.exe

windows7_x64

SRUYM9J4.exe

windows10-2004_x64

Sharing

General

Target

24ebd06b07f1c9a22aaa2212d7a883ac692f0581f85ae3ec5617856ddb1d280a
Size

1.2MB
Sample

220521-bxd3escfb9
MD5

5323b37953a5ba7674193cded94e37ac
SHA1

668fd1c977defe8763a8de9aac5ebfb46b81562e
SHA256

24ebd06b07f1c9a22aaa2212d7a883ac692f0581f85ae3ec5617856ddb1d280a
SHA512

905fec205b9f71cb847addb5fc6d33279c723c20f3bc1e7f39b33bfbe7e8abb95f9214d2a2d9bc8da4ccc75a7501f7a2052e3f562554be08dfec8c24489e7cc2

Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SRUYM9J4.exe

Resource

win7-20220414-en

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SRUYM9J4.exe

Resource

win10v2004-20220414-en

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.privateemail.com
Port:
587
Username:
[email protected]
Password:
coronavirus2020

Targets

- Target
  
  SRUYM9J4.EXE
- Size
  
  475KB
- MD5
  
  5fc1b1f7d19c60e9776c53deab129960
- SHA1
  
  655038400c51c6e137206f79fb9995b432665f93
- SHA256
  
  1fc23a174b140e18c483571695a84360667aa1c719451bba5c73a4ffe4da48d2
- SHA512
  
  2090df70e0073b04a93407e6f00ca235425a8d1076c12f7bfb2766e7da103d23600539015f47d7075c995add45accbfc15a18415be4a99e1a43a448e23af8a6d
Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy