Overview

overview

10

Static

static

PORPOP.exe

windows7_x64

10

PORPOP.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    554a3dfd96df399b61db1001e97b3b6295ddbbdc76e11e69823127433c92a2e6

  • Size

    425KB

  • Sample

    220521-n75dkshhhn

  • MD5

    7e4f5315a0ae2e8886f30c42ec3b5d1c

  • SHA1

    1e39c0779e39439500a6ee58bc1ae90bff5dac90

  • SHA256

    554a3dfd96df399b61db1001e97b3b6295ddbbdc76e11e69823127433c92a2e6

  • SHA512

    1f1b4a6fb5f27cb3f8eca9f85252ae3613ef9fd80b992f84b46c1856b2ba19931d4df146b233d77c97276d83f0939efff970e653ee9f215e1e798c277d4d864b

Score
10/10
agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.israelagroconsultant.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    israelagro@123

Targets

    • Target

      PORPOP.exe

    • Size

      516KB

    • MD5

      e4f5fa9448aa0d4bab63566ae4162e56

    • SHA1

      d665acebc8692d7e98fe7cb1ef56202e885156fd

    • SHA256

      6d74007e7ac24c71ab27dd72dcbf6cc0a7caf046ca1f55eeeacf1e17f73b9d99

    • SHA512

      22393ee278ebd8fde36affbab92194bc9e8be5d1b8d2752830af2a809ab9084208e67ea5e414d51be27d580e1b1affd969224e8a394709029c052e3fd84ed541

    Score
    10/10
    agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks