agenttesla

General

Target

78d5fe9eee91a5de1d1356965ffc648514c7c541fffc723fc1b753468af2eb63
Size

388KB
Sample

220521-c7f57sfbb7
MD5

f5c34d835f210d024964337a5d64d697
SHA1

3aa52d2a396231add38655cf7c7d07a3dd04f9a5
SHA256

78d5fe9eee91a5de1d1356965ffc648514c7c541fffc723fc1b753468af2eb63
SHA512

f488324d8db7659c278de5c76a95991ea193159974d9e2c27c6904dab00b3ac2e684787b8a7594aee78cc93d2e2bfbc0034f3203f5d4b387095a282f7e37d982

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hotel71.com.bd
Port:
587
Username:
[email protected]
Password:
9+^va&phP1v9

Targets

- Target
  
  LEGAL ACTION ON YOUR COMPANY FOR LONG OVERDUE INVOICE.doc.exe
- Size
  
  446KB
- MD5
  
  6bdd9c15243bd5b8709b87b7ba10b3a9
- SHA1
  
  780f690b92f29296254f00b9f1958c2359991ad2
- SHA256
  
  2580575e95648d76aed0be387fbe6423ef72639b8aaa9e1ad84ebc5b74bcf7b5
- SHA512
  
  46a0f1f8a1c6d6cfbea8c287cd9f06fb44e987f8c452a2e5f99da852d871de1552a25eb7d79c794c817e16c7917d3e39383046173699c1fcc07f53dec0ec5cdd
Score

10^/10

agenttesla collection coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

AgentTesla Payload

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2