agenttesla

General

Target

256487f56f6ad99c043971e91572ccbe41f80b2f3e4a784323b483968c02d203
Size

390KB
Sample

220521-dvgfwabdar
MD5

06d050383216bc294a757e62663487f2
SHA1

570be79855dfb807cdac77e95d812af57babbe0f
SHA256

256487f56f6ad99c043971e91572ccbe41f80b2f3e4a784323b483968c02d203
SHA512

c15fb3b20ccf94cdea6c479d39e2b0c921ff5836f523c648e5a2b61d7e662a7e05d8c1fefb9844ba9b7fe8b884be3712ffea44d90d4c4dd57b683273a12d71d7

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hotel71.com.bd
Port:
587
Username:
[email protected]
Password:
9+^va&phP1v9

Targets

- Target
  
  Shipmment Details.doc..exe
- Size
  
  483KB
- MD5
  
  ca3d8f1c6b86d36e95f6c77f56586c25
- SHA1
  
  e06640e1c6b22441a87b60bdb93e8af246c3e3be
- SHA256
  
  e386fd9c2ec4caa4a12389d0d1c20e870a0955eeb3ab5c72e7c1eab18ca2efb1
- SHA512
  
  2afcd73f31a03ef87362d8187d9ab858556e82050fc818f35df788f2091288b295815936e83359524b31bb7cccc6f39768473dc5459d4e3d04725e7fc776a47b
Score

10^/10

agenttesla collection coreentity evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

AgentTesla Payload

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2