agenttesla | faf5f10ca8612cdf38dd462ea5431518dccf2784bfecddccd8d6dc6d5404c97e | Triage

Submit
Reports

Overview

overview

Static

static

PhytoAB - ...20.exe

windows7_x64

PhytoAB - ...20.exe

windows10-2004_x64

Sharing

General

Target

faf5f10ca8612cdf38dd462ea5431518dccf2784bfecddccd8d6dc6d5404c97e
Size

554KB
Sample

220521-nycxzahder
MD5

1b1762e7f8da696fdfe114d4143ab2ee
SHA1

ed50cba91cf2b95652d19778adf3a1de688176bb
SHA256

faf5f10ca8612cdf38dd462ea5431518dccf2784bfecddccd8d6dc6d5404c97e
SHA512

ce27642ee4c97037fba3eb73c14d077a07d46f18fcb1b92130a17a1e5d3325833ac4766b32b34b9a4cb9ddca43ccea67064b4d705795d07f214a0c15c4cb7ff2

Score

10^/10

agenttesla keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PhytoAB - Attached #PO 00620.exe

Resource

win7-20220414-en

agenttesla keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PhytoAB - Attached #PO 00620.exe

Resource

win10v2004-20220414-en

agenttesla keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.braziliancoffeehouse.co
Port:
587
Username:
warehouse@braziliancoffeehouse.co
Password:
Brazil@123.

Targets

- Target
  
  PhytoAB - Attached #PO 00620.exe
- Size
  
  659KB
- MD5
  
  b9884781fa61b73e87b491dad108e74d
- SHA1
  
  3437d90ccc896d021edd8de21e955641871f2122
- SHA256
  
  960bdf7b7b3bd263fcd5aa32f4b0ddb567349d46f6d5062a8000981675bffe6f
- SHA512
  
  3a178254b9db848c4ee804ee9edd9cc53ceedbd90cf7e8a355962ad2e935e42a70ab0a7cea04f1b85ff933c7823cb1b54bf9bc6e387153132216ac1df3e10df4
Score

10^/10

agenttesla keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerrezer0spywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy