agenttesla | 018506d82dc892d23c3b3bec9f81044d040dd6f3c04839acba081713f1576d14 | Triage

Submit
Reports

Overview

overview

Static

static

long overd...3).exe

windows7_x64

long overd...3).exe

windows10-2004_x64

Sharing

General

Target

018506d82dc892d23c3b3bec9f81044d040dd6f3c04839acba081713f1576d14
Size

348KB
Sample

220521-pc4n8sacdj
MD5

0c48cc845206d07d493a675eb5fc4669
SHA1

17927aed76162834c6284df27c7f7b3c9ac9b4c9
SHA256

018506d82dc892d23c3b3bec9f81044d040dd6f3c04839acba081713f1576d14
SHA512

fe68bdf920686c66e1479b520d6e4201e042db61c737130a83abe0e0532669b7326ce81d6c1c69da051a0f2375480743307928c2cb3d663db1ce7a5412bc3b0f

Score

10^/10

agenttesla collection keylogger persistence rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

long overdue statement (3).exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

long overdue statement (3).exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.saamaygroup.com
Port:
587
Username:
ashimdutta@saamaygroup.com
Password:
pawan100

Targets

- Target
  
  long overdue statement (3).exe
- Size
  
  401KB
- MD5
  
  f2f2039a030460a562bd6fd7129775af
- SHA1
  
  cd6724348219200752f3e06da09556e690e1abef
- SHA256
  
  12b8f1b224e66e7fcae47229c008f04c435cbc98dff24c4a4092a80f26b67924
- SHA512
  
  e3f6fdb31858ecf6e72b6a5979767472163994f706ca7951a22f0be20f630a01ec10f37f1c336a1520089621029bcfdc8ae9d70e7dbba03fbea3c0cb09476165
Score

10^/10

agenttesla collection keylogger persistence rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencerezer0spywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy