agenttesla | d1c344f6235301f1e7da7c9b0ff6464f2f9e20ed9a0e8d8c178199d644c69912 | Triage

Submit
Reports

Overview

overview

Static

static

items 001.xlsm.exe

windows7_x64

items 001.xlsm.exe

windows10-2004_x64

Sharing

General

Target

d1c344f6235301f1e7da7c9b0ff6464f2f9e20ed9a0e8d8c178199d644c69912
Size

395KB
Sample

220521-ch8h6adhh4
MD5

51ae23aab9adfcd32394dde4d8d27e9b
SHA1

c4b134f7e847c2347ba6a89374c7c6569340ee72
SHA256

d1c344f6235301f1e7da7c9b0ff6464f2f9e20ed9a0e8d8c178199d644c69912
SHA512

f2fc96c662047ae7df9c75d08d74006790ae1a6830fbc61b519aa09375f8c3e215035aca4746284da061b6b0dcbeee602067ef8f793448e5948f72e042eaab20

Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

items 001.xlsm.exe

Resource

win7-20220414-en

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

items 001.xlsm.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pptoursperu.com
Port:
587
Username:
[email protected]
Password:
mailppt2019-

Targets

- Target
  
  items 001.xlsm.exe
- Size
  
  488KB
- MD5
  
  35f182cd6015448d90271bae97b6e48e
- SHA1
  
  f1bd8aa2087b48458741afb60529b39c3b167034
- SHA256
  
  6f5b0135a9800946845f48fdd84ab322ca4c4c5c1efcb79fcf82969f76099886
- SHA512
  
  7b6e3d4ed0cab1d8e61d972ddefe0dd72c95bb49c680b9e42fda65907bd708d792c47c853d80e969230fd1600e11bdc62f22e9c9d302732f680fdd5c47fe3f29
Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy