agenttesla | abe72a52290291b40bddddb4a38c09e8922ce33b4d3a1fdcdb744ff1bb7fd261 | Triage

Submit
Reports

Overview

overview

Static

static

9

SAR EFILLING.exe

windows7_x64

SAR EFILLING.exe

windows10-2004_x64

Sharing

General

Target

abe72a52290291b40bddddb4a38c09e8922ce33b4d3a1fdcdb744ff1bb7fd261
Size

509KB
Sample

220521-n92epsehd4
MD5

c69bab612409407834937281fb667607
SHA1

5dfe6f86e2cbcdbab02ca3e10bd01ffb9d6b4f3e
SHA256

abe72a52290291b40bddddb4a38c09e8922ce33b4d3a1fdcdb744ff1bb7fd261
SHA512

cc5e26b3104021388fc3ac1e6a94401f22e90c22a255415814988e2071b53da3f2fd7c54e4c9e43298da0281a2d3053682e411e4b7b777c5fdcf6346759bf29b

Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SAR EFILLING.exe

Resource

win7-20220414-en

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SAR EFILLING.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
zstcznz.org
Port:
587
Username:
makonyo@zstcznz.org
Password:
makonyo@2017

Targets

- Target
  
  SAR EFILLING.exe
- Size
  
  544KB
- MD5
  
  da0d23618c8c21787ac6aa7d3831679a
- SHA1
  
  051c78fde7a38263e7325de811ab699e5db39417
- SHA256
  
  956338e6d5c9af567addc3d16a0026d124aaa3d0657471e0e0bdd8d87c3ee762
- SHA512
  
  f956bd574efdbe3a6bbadf7305cbf9d2db75f41bfc645ab75f5115e2fb11056b38693eaa78cb3922f88dd03ee40cccf935b6120bcc341dd7d7b2d33fc3aa25b5
Score

10^/10

agenttesla collection coreentity keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- AgentTesla Payload
- CoreCCC Packer
  Detects CoreCCC packer used to load .NET malware.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy