agenttesla

General

Target

09afbfb9d18062653cfebd212be22748eefbe361356f033eafc112df1e5b3e6c
Size

828KB
Sample

220521-byr1nscfg9
MD5

809d46f5b6f7edfc55f494689e169883
SHA1

985db36d67dad6fb604ccc1b098aeb584fe74ad5
SHA256

09afbfb9d18062653cfebd212be22748eefbe361356f033eafc112df1e5b3e6c
SHA512

a079b5d90588a840f0c89bcc7150eed6c285c65bf2504de4b141916a1b6e5512bb9f047af843f551259d2e80ae77f829e42dbfd4d8969b0c904424899a80e48e

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dianaglobalmandiri.com
Port:
587
Username:
[email protected]
Password:
Batam2019

Targets

- Target
  
  payment receipt.exe
- Size
  
  900KB
- MD5
  
  7fdd090c8b9fe2544b1fa4dc4c96bc11
- SHA1
  
  3147873d755d9e30a5bd61ab132942a79558f43d
- SHA256
  
  8e25b6df9458100758e0656d3529e0edf64e4bab339e7be71145304477ed9bbf
- SHA512
  
  88d448db785836f88866de11101d6bbd568e73eb1befc85c7492340c81629b2eb00ee867d235c8f73568ee620a90376cb473be0d938bd72e31f625a0e81ce523
Score

10^/10

agenttesla collection coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

AgentTesla Payload

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2