agenttesla | ebe07312b9bea5733cf5e1dc3259e803364d9646cc0d02c2c6b97b60e69aa7af | Triage

Submit
Reports

Overview

overview

Static

static

paalala 06...20.exe

windows7_x64

paalala 06...20.exe

windows10-2004_x64

Sharing

General

Target

ebe07312b9bea5733cf5e1dc3259e803364d9646cc0d02c2c6b97b60e69aa7af
Size

490KB
Sample

220521-n5by9ahgem
MD5

537d32d9d423cab82a8ef3cd97dde372
SHA1

88ce596aef45a4dc12834abfedf989775d0e7bf4
SHA256

ebe07312b9bea5733cf5e1dc3259e803364d9646cc0d02c2c6b97b60e69aa7af
SHA512

6ff7dedba0a12e6fa63ed42291ceedc26a62f4c251f1fb6ee2c9cde0040050614150c18ab6ac0b79801a7854709be66027b4893254ac0568eca17dfb58ffae81

Score

10^/10

agenttesla collection keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

paalala 06-10-2020.exe

Resource

win7-20220414-en

agenttesla keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

paalala 06-10-2020.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.tde.ro/
Port:
21
Username:
[email protected]
Password:
playboy123

Protocol: ftp
Host:
ftp://ftp.tde.ro/
Port:
21
Username:
[email protected]
Password:
playboy123

Extracted

Credentials

Protocol: ftp
Host:
ftp.tde.ro
Port:
21
Username:
[email protected]
Password:
playboy123

Targets

- Target
  
  paalala 06-10-2020.exe
- Size
  
  549KB
- MD5
  
  378d98fa8a84c02a913c9015487400cc
- SHA1
  
  d564b54a48c63e9852e3125a8a4ac5146f660607
- SHA256
  
  c294055fc17f972d5bd6ca0dce65c44b4233b4fdce6b06d61fac422fc3882f1b
- SHA512
  
  408d12c48b412fab3fe880c1c3dbba368fe0f888ff6710458fa7e0f62e80feda58515c8a1c49d9b714913461725165297e3680c7d21be3ea369f0e14a0baa0dd
Score

10^/10

agenttesla keylogger rezer0 spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy