agenttesla | 05c734317f0e2207606025a52074d87d81d588977eb8bf218728f81b48a30c3b | Triage

Submit
Reports

Overview

overview

Static

static

O_R_D_E_R ...nt.exe

windows7_x64

O_R_D_E_R ...nt.exe

windows10-2004_x64

Sharing

General

Target

05c734317f0e2207606025a52074d87d81d588977eb8bf218728f81b48a30c3b
Size

428KB
Sample

220521-byyhfsfgek
MD5

3037116f3fb8c036281b9c2628f163a6
SHA1

90d29c5565b0d114174d64e071920da48524e182
SHA256

05c734317f0e2207606025a52074d87d81d588977eb8bf218728f81b48a30c3b
SHA512

3ce23a44ea37f622ed9be170bbde61e71d0e4463eb8a6931d8e0b753ecefdf39b1e58fb8f857d802996ecce598f31ce92ce54a73b1e2066d630c2d5af180f187

Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

O_R_D_E_R JuneJuly Shipment.exe

Resource

win7-20220414-en

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

O_R_D_E_R JuneJuly Shipment.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
mkoify147@@@

Targets

- Target
  
  O_R_D_E_R JuneJuly Shipment.exe
- Size
  
  510KB
- MD5
  
  1c76f6f0ff84104e4113b0cc75a6c05c
- SHA1
  
  578e85e628bf0d644798b2d5c7e0bcdb565cb0ee
- SHA256
  
  e1432f2dde886e737a5bf123c430c167c86285406b779fd67eaf4bf9c8fa7022
- SHA512
  
  b95960b92df3b308cfe56836bd7e5d7228abe7632fc4c76d5d7274f4fe7dc5c16e9da0210f5bb838b0e737e449c773833528072250503da7e89192a5e4d66095
Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy