Overview

overview

10

Static

static

SOA.exe

windows7_x64

10

SOA.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    69f8a5c1c6cc3a38c16323205d857f376e0f8831f0fb4de555b736fd237cd646

  • Size

    386KB

  • Sample

    220521-dbqkfafda5

  • MD5

    4ef92208f1a1d2c2a1edb965cdc2c377

  • SHA1

    006b58e4abd19bfff7b434209ad5a492fe64c8df

  • SHA256

    69f8a5c1c6cc3a38c16323205d857f376e0f8831f0fb4de555b736fd237cd646

  • SHA512

    6c7c522982d5da9662510e01fe1185b4d1a7052d0ba4d47b3f690009c3d35610d624a71ac9af4f0273bd62e39e4180c543e5f7e0d240d09fe85892a6f81de8c5

Score
10/10
agentteslacollectioncoreentityevasionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.rajapindah.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    #r4j#citeureup#13

Targets

    • Target

      SOA.exe

    • Size

      486KB

    • MD5

      8083a9f113f6ee458ec96ae28c423ffc

    • SHA1

      f6a0b2a4f1d86181771f1f71850a5ae682e62dc1

    • SHA256

      286746a21e00a444f5dba54bf184545a1a8a5c5c5d813139f130ee0940d0009f

    • SHA512

      e496fbb0afeed32c7f6f9044ae113201d17cd6bb941a4bcda53dc62fbcfff4baabfb77ba237fcc628b948a9fbc4fcdb2d12955476a2d1af8681f273a7f8dcbcc

    Score
    10/10
    agentteslacollectioncoreentityevasionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks