General

  • Target

    e4cbfccf59aef5d47a77cce8b35626e813c5ee96cfa3b7eb54c9c84fb012f903

  • Size

    408KB

  • Sample

    220521-cdtjfaggbn

  • MD5

    b0761214fa283abb1c4fc6c731f4f7c8

  • SHA1

    d828b0578a6db7be69c47cdff88aa49480ebe275

  • SHA256

    e4cbfccf59aef5d47a77cce8b35626e813c5ee96cfa3b7eb54c9c84fb012f903

  • SHA512

    c4a6049647e47aade532e4dab16300e29163557c3f4500903848bb107bf4b91d7403b21aa7b5c76ca4641fa818a4a12f4107f7559afa60864c0ce07590bf20b2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Ijeomam288

Targets

    • Target

      RFQ cópia de____PDF__5721.exe

    • Size

      504KB

    • MD5

      2cc13eb9843601601a70d384478b2fee

    • SHA1

      58fe1c18d68f2872b35c11b5b15d4516786f3813

    • SHA256

      f1d7247c8ffbddee868cba452966a10f19c0191f945759589134f1e2f67599c9

    • SHA512

      2137061ffb6d4431b06d573f3c38a5feb9bf9491a279fc41a359b4b500b08facfd245cb4868288e33fafed5fc6ed7140deb2e8ac4d900df5b45f0d603b9c611c

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic .NET); it harvests credentials from browsers, mail and FTP clients and, as the extracted config above shows, exfiltrates them over SMTP.

    • CoreEntity .NET Packer

      A .NET packer named CoreEntity that stores the payload inside an embedded Bitmap object and decrypts it at runtime before loading it.

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution by region.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account settings and credentials on disk, and infostealers routinely read those files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the step used to redirect execution into injected code, typically in a process started in a suspended state (process hollowing).
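The extracted SMTP configuration and the behavioural signatures above are what a responder would turn into hunting logic. The following is an added example, not part of the sandbox report and not code from Agent Tesla or the sandbox, that applies that logic to a small constructed set of endpoint events. The event shape, the allow-list of mail clients and the hunt_events function are assumptions made for illustration; the registry value (Control Panel\International\Geo\Nation), the FileZilla, Chrome/Firefox and Outlook profile paths are the usual Windows locations of the artifacts the signatures name, and the process name reuses the target file name from this report.

```python
"""Hunt for the Agent Tesla behaviours from the sandbox report in endpoint telemetry.

All events below are constructed for this example; real EDR or Sysmon output
would be normalised into the same (kind, process, target) shape first.
"""
import re
from dataclasses import dataclass

# Exfiltration endpoint taken from the report's extracted config.  Only the
# host and port are needed for detection; the credentials are not used.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Processes for which outbound SMTP is expected (assumption for this example).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Process name reused from the report's target; the activity is constructed.
SAMPLE_PROCESS = "RFQ cópia de____PDF__5721.exe"

# Host artifacts behind the report's signatures, matched case-insensitively
# against the registry value or file path the process touched.
HOST_RULES = {
    "Checks computer location settings":
        r"\\Control Panel\\International\\Geo\\Nation$",
    "Reads data files stored by FTP clients":
        r"\\FileZilla\\(sitemanager|recentservers)\.xml$",
    "Reads user/profile data of web browsers":
        r"\\(Login Data|logins\.json|key4\.db)$",
    "Accesses Microsoft Outlook profiles":
        r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\",
}


@dataclass(frozen=True)
class Event:
    kind: str      # "file", "registry" or "network"
    process: str   # image name of the acting process
    target: str    # file path, registry value, or "host:port"


def hunt_events(events):
    """Return (signature, process, target) triples for events matching a rule."""
    hits = []
    for ev in events:
        if ev.kind == "network":
            host, _, port = ev.target.rpartition(":")
            # SMTP to the extracted exfil host from anything but a mail client.
            if (host == EXFIL_HOST and port.isdigit() and int(port) == EXFIL_PORT
                    and ev.process.lower() not in MAIL_CLIENTS):
                hits.append(("SMTP exfiltration to extracted config host",
                             ev.process, ev.target))
            continue
        for name, pattern in HOST_RULES.items():
            if re.search(pattern, ev.target, re.IGNORECASE):
                hits.append((name, ev.process, ev.target))
    return hits


# Constructed telemetry: one benign Outlook SMTP session, then the kind of
# activity the report attributes to the sample, ending in the exfil connection.
SAMPLE_EVENTS = [
    Event("network", "OUTLOOK.EXE", "smtp.yandex.com:587"),
    Event("registry", SAMPLE_PROCESS,
          r"HKCU\Control Panel\International\Geo\Nation"),
    Event("file", SAMPLE_PROCESS,
          r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    Event("file", SAMPLE_PROCESS,
          r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("registry", SAMPLE_PROCESS,
          r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event("network", SAMPLE_PROCESS, "smtp.yandex.com:587"),
]

if __name__ == "__main__":
    for signature, process, target in hunt_events(SAMPLE_EVENTS):
        print(f"{signature:45s} {process}  {target}")
```

The network rule deliberately keys on host and port rather than on the credentials: the mailbox and password are what the analyst reports to the provider, while the destination is what is visible in proxy or firewall logs and is stable across rebuilds of the same config.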

MITRE ATT&CK Enterprise v6

Tasks