agenttesla | c6eb2e79f00763ce42b8c4904bfd83869bcc09259ec4fbcbb194730be0f6206c | Triage

Submit
Reports

Overview

overview

Static

static

Remittance...53.exe

windows7_x64

Remittance...53.exe

windows10-2004_x64

Sharing

General

Target

c6eb2e79f00763ce42b8c4904bfd83869bcc09259ec4fbcbb194730be0f6206c
Size

412KB
Sample

220521-clnyxsebb6
MD5

a94a26a8425ff49a98b6c6df2855dbc7
SHA1

8eaa09a68532471dd4db8982b660b3fe7f560db8
SHA256

c6eb2e79f00763ce42b8c4904bfd83869bcc09259ec4fbcbb194730be0f6206c
SHA512

4b6e722ba32b57789e036b930454d4faef03d377c28aaf71bc06d21a5d4a1a0609e2ae12c598f00ef9846d9c4c6665d301e48b9ff38744b3969fa49befb09c08

Score

10^/10

agenttesla collection evasion keylogger persistence rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Remittance advice_63653.exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger persistence rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Remittance advice_63653.exe

Resource

win10v2004-20220414-en

agenttesla evasion keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.microtechlab.in
Port:
587
Username:
[email protected]
Password:
pune@123

Targets

- Target
  
  Remittance advice_63653.exe
- Size
  
  455KB
- MD5
  
  2879721f8b9759ef832a173a4aef7f74
- SHA1
  
  e44ce3d55b58edd0fbdb51b78a2db0ca1da35d32
- SHA256
  
  24be3b1c3a8a56f3028bb533082f4e8e93f1405b7066e4facde544c22010afa5
- SHA512
  
  50014f4ab829d1e5379952ac2a19c46abfd0e73585231a6d6e0078db2218ff92149cc1b1d547eef7295ed3c48ff0866586509d5a2258b3bc2dd3bf1ccabe6625
Score

10^/10

agenttesla collection evasion keylogger persistence rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerpersistencerezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy