Overview

overview

10

Static

static

TT- Swift ...df.exe

windows7_x64

10

TT- Swift ...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75aa0deb50e9ac8cc58804d617c8e77a2bab40b584161102de178bdede912495

  • Size

    389KB

  • Sample

    220521-c8h17aacel

  • MD5

    4be2fda97bd85430d6a5a7a58e52d6c0

  • SHA1

    2b6b1232263ed68bc702f4d592bac9692e2a9648

  • SHA256

    75aa0deb50e9ac8cc58804d617c8e77a2bab40b584161102de178bdede912495

  • SHA512

    b48a78122617992bc8c2fe12903a90376ce2dab330432966c52793c36fc898f1f3db8188e9bf1c4bd7fa349e8be7893f64f3c8f583b3939ca42775c7bedd3127

Score
10/10
agentteslacollectioncoreentityevasionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.hotel71.com.bd
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    9+^va&phP1v9

Targets

    • Target

      TT- Swift Copy.pdf.exe

    • Size

      411KB

    • MD5

      cff3e5019bd36f4a7596fe229c9e6a2f

    • SHA1

      b7d7e42f24cb3c3ef10497a64398a888790dcbb0

    • SHA256

      9950693e7a2ed5a37008ea3a7c2a185132af4f3fedfbbba41fb03939dadb8044

    • SHA512

      67e13ab5417c8751b956fd429b13fe11291d0263699c4e8f253b7ab4e266b4b2afb1411ed0907b69d84c549d03c7f5398ff885d864899d743d200f7a222b5031

    Score
    10/10
    agentteslacollectioncoreentityevasionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks