agenttesla

General

Target

0d2671309e0ab3c8145965e9d11bfa16c5f8e21990c92cb692d904ece10bb48f
Size

389KB
Sample

220521-d2wt5sbfhl
MD5

9d79f892d819742209d8cc054aa0d8a1
SHA1

293c04a6ae71733ce0ad5af780c10ebe0adee2a4
SHA256

0d2671309e0ab3c8145965e9d11bfa16c5f8e21990c92cb692d904ece10bb48f
SHA512

0f168a008214844905f8044297b1393f256ef5250f61099446bc12dec504223528600cf6ef126395408a0e0c13ac5071a31a01d5f9a31c2f64b0c480bae20f8c

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hotel71.com.bd
Port:
587
Username:
chat@hotel71.com.bd
Password:
9+^va&phP1v9

Targets

- Target
  
  LEGAL ACTION ON YOUR COMPANY FOR LONG OVERDUE INVOICE.exe
- Size
  
  411KB
- MD5
  
  cff3e5019bd36f4a7596fe229c9e6a2f
- SHA1
  
  b7d7e42f24cb3c3ef10497a64398a888790dcbb0
- SHA256
  
  9950693e7a2ed5a37008ea3a7c2a185132af4f3fedfbbba41fb03939dadb8044
- SHA512
  
  67e13ab5417c8751b956fd429b13fe11291d0263699c4e8f253b7ab4e266b4b2afb1411ed0907b69d84c549d03c7f5398ff885d864899d743d200f7a222b5031
Score

10^/10

agenttesla collection coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

AgentTesla Payload

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2