Overview

overview

10

Static

static

invoice.exe

windows7_x64

10

invoice.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b03a044ae3276f2ed0a047976a3e0fc1c65db68546cefcf7d081ed9454266f5

  • Size

    585KB

  • Sample

    220521-pbdresehh6

  • MD5

    6f9671a24ce2f3f9eaa02c485d166bab

  • SHA1

    64f340a77a0002a95901ad5fa18e01bbda6c472d

  • SHA256

    1b03a044ae3276f2ed0a047976a3e0fc1c65db68546cefcf7d081ed9454266f5

  • SHA512

    41039d50e7cb109554d6ff620d90836c3a9a6c207f98b225660c5a437652332fc73e3cdee451989f4e71384517734c862d6fa77cadaf00167bfada98e862b8e8

Score
10/10
agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.goldenboiler.com
  • Port:
    587
  • Username:
    info@goldenboiler.com
  • Password:
    @gol2453denboiler@

Targets

    • Target

      invoice.exe

    • Size

      607KB

    • MD5

      7d59bff9907443c8da5b773488d254a7

    • SHA1

      0b18c7e81bd854d0065336368df1cd63be28a953

    • SHA256

      f29c7a735adfcc42de35a17646ead9eaf23ae1a0cc99ad468b720d0e3be7dad6

    • SHA512

      e8c154aec93bbf7357e97ca73f34633d1bc0d63106f0b1cc797fc94eeff2e262578441e7ef87944da6f4a50033785faf0aadd6ec91deda4cfe22d81c5281fe92

    Score
    10/10
    agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks