agenttesla

General

Target

d6763692670aefdbeaf078f96827fd2218dab49654fc8d38d8c71ca6882cf262
Size

414KB
Sample

220521-cg5qwadhd3
MD5

08cc7153c471e3818ff9dfb45ffbb1b4
SHA1

f168c0b0b0981ac456c61370252028e0e2e152a1
SHA256

d6763692670aefdbeaf078f96827fd2218dab49654fc8d38d8c71ca6882cf262
SHA512

47b3efcfad1b70daa5a4cad45ae0da6993e33f390fa23ecbb2295f4a1e9c27b6f9c34bfe0a43b119c318f5fcfe31ef070bb0597ef7895ffc31efe97dbbba39af

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.microtechlab.in
Port:
587
Username:
[email protected]
Password:
pune@123

Targets

- Target
  
  doc37281.exe
- Size
  
  474KB
- MD5
  
  7bdcda5cef8a47b296523f82f8832212
- SHA1
  
  5ac780660eaa4b61dd57c51a5589d66af88b7680
- SHA256
  
  b8ec5237b0bbe2d7428c7c58b4a7c76f6356a8579d3f2547dcc238b32a5a1669
- SHA512
  
  9a8c35f2f4624cf2af6590cfc622faf9b360ed27518a91058178b21fd14b636347319c7b6b33989936db6ac5046f38f27a93536960450b3abd0e8062e6eb2007
Score

10^/10

agenttesla collection evasion keylogger persistence rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2