agenttesla

General

Target

d4803c82bdc773474dda976fa30bc7fbbad2a6192af850c71602419dd500368b
Size

475KB
Sample

220521-n5kw6ahgfm
MD5

68a0f1c0fbbdc5014c8814f20b0d0784
SHA1

54bf373d1460da8e3ae153a0694dae77fde9f1cb
SHA256

d4803c82bdc773474dda976fa30bc7fbbad2a6192af850c71602419dd500368b
SHA512

6daf2572ed2e47d62f1a9540d48b242b16adbf281c2c8fa5bc765962c3f576107a91c8a80c4feaecf5abb461dbd1e65f7a0efbfe44bf441c0a785fe9c22576b9

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.villanika.gr
Port:
587
Username:
info@villanika.gr
Password:
n2^-9wE@Wl}t

Targets

- Target
  
  new purchase order.rar.exe
- Size
  
  523KB
- MD5
  
  e50b58922768f36a719aa5e91c086c06
- SHA1
  
  f2216e02ce43d07bc6bc8b7fb01461f1d9d1aa91
- SHA256
  
  a4d3085a47bf0da4fa557e18de19bada74667d0eaa3dca959990b96215bb25cc
- SHA512
  
  ba6be2906587a73203196853952878e017e99ad94edec3195a368edd99f9fb0c2ae3218b84bd943a57f0cdbbd340043c0858b9e050f330dbacdf26b45f32d078
Score

10^/10

agenttesla snakebot collection coreentity evasion keylogger rezer0 snakebot spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- SnakeBOT
  SnakeBOT is a heavily obfuscated .NET downloader.
  snakebot
- AgentTesla Payload
- Contains SnakeBOT related strings
  snakebot
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

SnakeBOT

AgentTesla Payload

Contains SnakeBOT related strings

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2