agenttesla

General

Target

0de8dced64072d768872c072a3f28906bcecb444324819ddc6e367f643f24e1a
Size

402KB
Sample

220521-d2qywsbfgr
MD5

ed11a055f368ef7d220d5ce9f95be07a
SHA1

e5b2bc2c34ee209ef9a3f68d7b91655d01baa6f1
SHA256

0de8dced64072d768872c072a3f28906bcecb444324819ddc6e367f643f24e1a
SHA512

c783f21f6aa0ec333ed56d9c1b0481299ba4dd48ba1150126ba982c7bdfeca7c26f8e2aa4b9b039b28c40955df02d6eadf33b64172896f0fd4f259ca287b0b9a

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.elhelado.com.mx
Port:
587
Username:
servicio@elhelado.com.mx
Password:
4042Ad@+

Extracted

Credentials

Protocol: smtp
Host:
mail.elhelado.com.mx
Port:
587
Username:
servicio@elhelado.com.mx
Password:
4042Ad@+

Targets

- Target
  
  0030294009841121_05_14_2020.exe
- Size
  
  507KB
- MD5
  
  e14e866146e8241793c2b77aa109b86a
- SHA1
  
  ea6dd9fb056858f2312c976399169cecda46cfaf
- SHA256
  
  54c5c6ca1ecad5ee8aa26e23810788aafd5b7a2b643b621bf372a2ee75dcc522
- SHA512
  
  734ef5de33f010f71462455f3ab91f30e8200c4eece72f7f76d0c96b03105007fc8a7266e5a1b0b4380e964bda34839a78981bc0764c44e54ac53b125e12331e
Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2