General

  • Target: 67ad8ce9502073afd22ec0e50f9180c4ef39b943d5163456b4cb2d2119287f14
  • Size: 404KB
  • Sample: 220521-pkzp9aafhp
  • MD5: 6e1d8204445120b1446cad6bcd92de9f
  • SHA1: a8c368e8eb500085c201e8d8e1009674730b9d0b
  • SHA256: 67ad8ce9502073afd22ec0e50f9180c4ef39b943d5163456b4cb2d2119287f14
  • SHA512: 3d38896ab5783e3b577def7e2d17ff2b7e0915eefde76ea40bf4f8b3081e630f6c805584be51870da452bd7725cf367ea47db038a8c950df0da1d4960c23c2b1

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.pro-powersourcing.com
  • Port: 587
  • Username: vivi@pro-powersourcing.com
  • Password: china1977

Targets

    • Target: RFQ #120032020.exe
    • Size: 436KB
    • MD5: 21add8a8d267dd8ee406d587f4fd9aad
    • SHA1: f98f2159ae8ca3aa605f1e3bd52df3df97e2db3e
    • SHA256: 023868121ca6645fc5fe59e01180a4b1bfd9e9d659fd2d93a9a122d18d7687b6
    • SHA512: b8fae526d9aa21adba529243bb729f193268440626104a6edbd96f15a2b31443bb8a404b9ee80b7a16e1f41365528796b3ce2fdaf94bfbd87ec880b179ffc95a

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Discovery             Query Registry                 1      T1012
  Discovery             System Information Discovery   2      T1082
