agenttesla

General

Target

d22ccf0e5c5662dd86203cde0a3e9b2fbfca178f7853fad379283b6f0a039faf
Size

457KB
Sample

220521-ch5ghahaar
MD5

3d0e1c2c0e6fa4372a4c8e31bbad6b6d
SHA1

00b05c3c80c2562eeb3c1b41ed64623cbe9f9453
SHA256

d22ccf0e5c5662dd86203cde0a3e9b2fbfca178f7853fad379283b6f0a039faf
SHA512

862c576a9176d0dfa2fdea4d39c1a5984afdd294f7056adaf97822bdcf80af95cae1cb3f12e294a21ce28004a04eb669768a0a63e6d7ec725081bbf947908175

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.cpworldindia.com
Port:
587
Username:
[email protected]
Password:
bopo@2014

Targets

- Target
  
  opo (1).exe
- Size
  
  500KB
- MD5
  
  6f366f6932afabce27a09613f221fe7d
- SHA1
  
  4795261b97ca244bef5a007e2bcce74350a091eb
- SHA256
  
  f35fa2a6281a2a24016729d315083a638edf176a890a605dba2ac134e1733bb3
- SHA512
  
  8d063bb927760a9b3ad435162b3b97f0ccd824e6aaa96e97baa71460b29ae12388399138a0862e79d5754f1056e2e8ee5cd09ec91d02fdc3ee8578ca089ac651
Score

10^/10

agenttesla collection coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

AgentTesla Payload

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2