General

  • Target: fcc91a22edbb555263dd5f7531ddc1cc467e53c5cf3c06fd5891488e2089e784
  • Size: 383KB
  • Sample: 220521-pdnpeaacfj
  • MD5: 965f754553cfae0dca68e29195bcc306
  • SHA1: a6467ac1827055504f4f176cd6cda6f03b13785a
  • SHA256: fcc91a22edbb555263dd5f7531ddc1cc467e53c5cf3c06fd5891488e2089e784
  • SHA512: 0456c6dcc4c943d1442e0963e86a22193f4e9d0464db78f944127f632f6f5bc0e07fcda082d46c2eaa471c23f1eee7d60ab107cb1b89b4b9529cc5e238359950

Malware Config

Extracted

Family: agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.capeqlc.net
  • Port: 587
  • Username: ezeube2@capeqlc.net
  • Password: TRf%Qah4

Targets

    • Target: pedido urgente.exe
    • Size: 398KB
    • MD5: 027ec3c777c8acb409bf348c6fbed620
    • SHA1: cb1cf03cbc583c2a389111f7a44ca4f0b9fb022d
    • SHA256: e53b85600f2e1d2c612854eb25aa5ebb3cf93a966aef11b22e186f65cb097506
    • SHA512: 58e7110107cb77070d98a30def446fa6c87e020296680d752288f3eda11b327b91c20be41c7b4f062ec398814494abf0510c9812a74793e4653186832d8c46c2

    • AgentTesla
      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • CoreEntity .NET Packer
      A .NET packer, CoreEntity, that embeds the payload as a BitMap object which is later decrypted.

    • AgentTesla Payload

    • ReZer0 packer
      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients
      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Count   ID
  Credential Access   Credentials in Files      3       T1081
  Collection          Data from Local System    3       T1005
  Collection          Email Collection          1       T1114

Tasks