agenttesla | 24be7f8eb88df622bbd1f88d1f63233e894d4b681dc9540d84c33b85a4d446b1 | Triage

Submit
Reports

Overview

overview

Static

static

Neworder51...df.exe

windows7_x64

Neworder51...df.exe

windows10-2004_x64

Sharing

General

Target

24be7f8eb88df622bbd1f88d1f63233e894d4b681dc9540d84c33b85a4d446b1
Size

375KB
Sample

220521-pnjs7sfff8
MD5

50feb1f370567dce96ddb58f4f9fe855
SHA1

680e24b58730f8c22813e657069f118a7b0298d5
SHA256

24be7f8eb88df622bbd1f88d1f63233e894d4b681dc9540d84c33b85a4d446b1
SHA512

81d92d2aa0d9ba6b2a0641a92ab9fcdf0c9dc5db129b87c8bc8ff5640d6608f493fb5ecd28b2f45cac7cab860c26ea3784137ceca3389f8623a8e1c1e5feb051

Score

10^/10

agenttesla keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Neworder5119047pdf.exe

Resource

win7-20220414-en

agenttesla keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Neworder5119047pdf.exe

Resource

win10v2004-20220414-en

agenttesla keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.siancoeg.com
Port:
587
Username:
abdallah.hosny@siancoeg.com
Password:
26444534

Targets

- Target
  
  Neworder5119047pdf.exe
- Size
  
  405KB
- MD5
  
  71894434f256436d126e77c7307ce2cd
- SHA1
  
  6d14957428ffd27ed1a40c64a04fa5d6fbb0c663
- SHA256
  
  968a7bf9593f8635bc6383f73cc1743b4fa776442ec7265adc138f248531bfbf
- SHA512
  
  7719b04c4deef0cc18b40eb413377fbf1a9eaee3c64126d137dd6ef5ef3c2704d746ab0bc2c85ab19c4fa0be9f7ecf39ba76e0616cf72a0d01bd7cd76eacb6a4
Score

10^/10

agenttesla keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerrezer0spywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy