agenttesla | 187a92c8144211f1e95c64641f96ae33a247d35eb9fa59a4c421d5395b5b45dc | Triage

Submit
Reports

Overview

overview

Static

static

TT Slip.exe

windows7_x64

TT Slip.exe

windows10-2004_x64

Sharing

General

Target

187a92c8144211f1e95c64641f96ae33a247d35eb9fa59a4c421d5395b5b45dc
Size

535KB
Sample

220521-ntd98seba5
MD5

7e3db3074dd7c69416b3e436e38ac564
SHA1

2748d8ef16a784688fce22d240a3a787bd515f4d
SHA256

187a92c8144211f1e95c64641f96ae33a247d35eb9fa59a4c421d5395b5b45dc
SHA512

4e6708c5c493ecce3c35f074748334d38f8232af7d6194c36432f3ba908b1d972affe403c0f7afeb795da2d860f314f882d020f11dc7f10efde3c649d4be8377

Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

TT Slip.exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TT Slip.exe

Resource

win10v2004-20220414-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dianaglobalmandiri.com
Port:
587
Username:
info@dianaglobalmandiri.com
Password:
Batam2019

Targets

- Target
  
  TT Slip.exe
- Size
  
  616KB
- MD5
  
  7974c6ca97b8f4f163e0ab140701396a
- SHA1
  
  720a76ac44ae776723d9a35b608209428a6611a5
- SHA256
  
  8e637504c692c93f7cf0286af90f331cd2bb7961adf8bd9f2ec2f7e84db7adf7
- SHA512
  
  c56e3947151fb3df44902f0966c348e48172a80b0951bc64481d20a8e4e55db21acc64d336758c9a113e158b6f3c31772e84b44a9447dfa0de30ad01cf00d8db
Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy