agenttesla | 0248d76f25d67192768d6b3c9cc35202c8f567e0ce77012e24ad37e33c4faf37 | Triage

Submit
Reports

Overview

overview

Static

static

Fattura ac......exe

windows7_x64

Fattura ac......exe

windows10-2004_x64

Sharing

General

Target

0248d76f25d67192768d6b3c9cc35202c8f567e0ce77012e24ad37e33c4faf37
Size

375KB
Sample

220521-d5mqmsghb9
MD5

498658b0fd4e26ce604d8057f3d22faa
SHA1

01c4898feafba520fa8344d6c0bf57c399d8d7c2
SHA256

0248d76f25d67192768d6b3c9cc35202c8f567e0ce77012e24ad37e33c4faf37
SHA512

bfbe6a104f335a762ae40db85c3346c419617073c64e82e9db6072c16bbeec99400e0ca2c77ef6130a47ad6e7a1d7ea8c7c1c21afbc7508cd16f39ecd3ee9ea0

Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Fattura accomp - Invoice 1028 del 19-02-2020 NEW WAY MIDDLE EAST FZE do....exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Fattura accomp - Invoice 1028 del 19-02-2020 NEW WAY MIDDLE EAST FZE do....exe

Resource

win10v2004-20220414-en

agenttesla collection evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.israelagroconsultant.com
Port:
587
Username:
[email protected]
Password:
israelagro@123

Targets

- Target
  
  Fattura accomp - Invoice 1028 del 19-02-2020 NEW WAY MIDDLE EAST FZE do....exe
- Size
  
  428KB
- MD5
  
  6afdf426be2106f66c8ad0dd5295a94a
- SHA1
  
  10cc14ab3cefd6175dab97c2f8d5bc2a8a88b02b
- SHA256
  
  18907aad4da3ed933bd68340346b21e23b3e0b5df978f01a99c195737f09db99
- SHA512
  
  4349569a571fdced6a54479fbbeb3a9d2baeaa7f4c85d48917306e4b5f631c2facf225cc563be9e345ba50d000a5c7534a5b3bcdcbe97f0b532d3dc37ee05d3c
Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacollectionevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy