Overview

overview

10

Static

static

payment receipt.exe

windows7_x64

10

payment receipt.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13ae46b9d4eeb73b8ac223e879e84d849c5a60564669ed8c8a8809f41b2e46da

  • Size

    414KB

  • Sample

    220521-pb1k7aabgr

  • MD5

    85b5d7ec13d7d293bfc034ae8312c094

  • SHA1

    724556aeaabf5e8e623e85438776c14d61591d20

  • SHA256

    13ae46b9d4eeb73b8ac223e879e84d849c5a60564669ed8c8a8809f41b2e46da

  • SHA512

    5dd2b01026fced720c26605334568079bc81e9962b92751532d83c863b4afa02274496e873bcb8dc6d845c8dfade4d438772b39cdb832cae5a4585dcf94b873d

Score
10/10
agentteslacollectioncoreentityevasionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.dianaglobalmandiri.com
  • Port:
    587
  • Username:
    info@dianaglobalmandiri.com
  • Password:
    Batam2019

Targets

    • Target

      payment receipt.exe

    • Size

      513KB

    • MD5

      1f4cafd1b59f0a7b7bafb28e31c620aa

    • SHA1

      b4f61151dfcd4b7f62665324a661a517d1a0ec75

    • SHA256

      875391a0ae1d2f10f9c04e39aaed8c558acf0fbad7b220d18489d25aac97ff85

    • SHA512

      2ea0849ec47211976a72691944737944f231fcd3e3ed371c5ec0844650efa38dd613a252dc2b45a8b8f4969d0eb0ba981ddec36c7f8210032ddb76ce2234b64c

    Score
    10/10
    agentteslacollectioncoreentityevasionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks