Overview

overview

10

Static

static

NEW P-O.exe

windows7_x64

10

NEW P-O.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    57b6e2aaa856f7cf3049e111604280ce78971fd1d2003976c415847ea1426751

  • Size

    408KB

  • Sample

    220521-df88caagap

  • MD5

    41217deacc19e77e1aee479b9eff1b37

  • SHA1

    7977ce17772a89f5b08b6b64534deceb5e0adf66

  • SHA256

    57b6e2aaa856f7cf3049e111604280ce78971fd1d2003976c415847ea1426751

  • SHA512

    63c8548571b43a3247cc4e1f734433d4eea8c70b7f8accae7cdc07b0f7967f05e83fc529fc6c5a7f7e5cc75709d735585528f1f480ebe226f143f408110aa590

Score
10/10
agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.rajapindah.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    #r4j#citeureup#13

Targets

    • Target

      NEW P-O.exe

    • Size

      463KB

    • MD5

      ff31007a5c8ff2672b1388b3630e62c3

    • SHA1

      caffa8d8f535c738aecc376162cc9cfb62931afc

    • SHA256

      f06f3723235acd9307e495542a10790ac22b8b894954484b02746409802fde10

    • SHA512

      e68f883b056f44831896e5b84d927c966e79a6ff905c614c4a0f6a578b9e2533ed295b7230d1eef99d0b9db3e256e295f7a4d4c6a4b840ea2a9b1c5f8ad7a759

    Score
    10/10
    agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks