Overview

overview

10

Static

static

qt8hpBzVEeH1O8B.exe

windows7_x64

10

qt8hpBzVEeH1O8B.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    582c09cb88106231b13574cb3bc848cea346558a985bd13d1ccd8031a5a2a0db

  • Size

    422KB

  • Sample

    220521-df4ymaffb9

  • MD5

    ff721b1231221a271ad4de7355286fa1

  • SHA1

    820ee19536603b894238c1378fde68be63e729b7

  • SHA256

    582c09cb88106231b13574cb3bc848cea346558a985bd13d1ccd8031a5a2a0db

  • SHA512

    08e92c851357aac300c9e3d3f0e639c36376ad5738f443e0b60600339329652269a2ee25c9d518ba8a64e53c989cd7c3941eda38118d2a21771ec2e666826e87

Score
10/10
agentteslacollectioncoreentityevasionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.cpworldindia.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    bopo@2014

Targets

    • Target

      qt8hpBzVEeH1O8B.exe

    • Size

      477KB

    • MD5

      f8c833483ed462c778e1ca98cc9b4e48

    • SHA1

      881d60f55cd7dcba349080e50dcc3249a2acfadf

    • SHA256

      dff01b9f8946ed3792fe4e32ae3f95834c892f16ca219dc99d78fd15064f82a2

    • SHA512

      03f1635e7121c4b3f6d1fa4386cee1d15e9b1a3c51c93dff876bb7429d0fc4d6437bd1fcfc97b39a406900203f0664109d673f46b1b18741ea4d62a25697467a

    Score
    10/10
    agentteslacollectioncoreentityevasionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks