agenttesla

General

Target

dba1c6f4dd89c52525317f5f5579a08272ce31acc5be21d8309b2712cb6d5f34
Size

417KB
Sample

220521-cfzs8sdgg9
MD5

d9d6d06889b9aa9639c9718578c108a3
SHA1

d10eea0f18c5fc9e2b952b0ab1fe277d5a196709
SHA256

dba1c6f4dd89c52525317f5f5579a08272ce31acc5be21d8309b2712cb6d5f34
SHA512

4fde14a1b058b513e62bdf1560a70cb8612bd55639273df92d08bb5aba601bc732f3292d86a47c2fe34d2564f98ba71936c6174c8579783432c873f089b6bdb7

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dianaglobalmandiri.com
Port:
587
Username:
[email protected]
Password:
Batam2019

Targets

- Target
  
  PO 8433,.exe
- Size
  
  475KB
- MD5
  
  f31de3ccbfeaab2d3c5444864a3751d0
- SHA1
  
  95f329022a882bfbbc36717bd9b324aed0513dc2
- SHA256
  
  f21d472a74c33a35138111341a52a7dd85dc6131c788fa79dfc17537626dc12b
- SHA512
  
  083acfbdf3edaea147aaefda36d8d27339ff7c6ed48f2e9438bc232c465f83c7bfcccd53a92fb2ec42a7d1807cfdc4454f270782a16a4b5fc6cd141d6669fa7e
Score

10^/10

agenttesla collection coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

AgentTesla Payload

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2