agenttesla

General

Target

f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14
Size

463KB
Sample

220521-xhzapsbgf4
MD5

50f922cbe8b8e426906c0975945f3da8
SHA1

84fe0d182c9e362763fca61948e98de49e1bb6f1
SHA256

f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14
SHA512

d3eb19fd199bbd9d33b8b84f771ed6a5f68c8e99c95baeef5185c2f20d3d63ef113e9fd19cf9b2e5def73bc1781b6e50eecf105c6b81b684ab13caa0852f8feb

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hotel71.com.bd
Port:
587
Username:
chat@hotel71.com.bd
Password:
9+^va&phP1v9

Targets

- Target
  
  duk (3).exe
- Size
  
  511KB
- MD5
  
  04b191c4242a98c5b14ed1de9c61ef8c
- SHA1
  
  4c4fafb67933eb18100acdc76128f42dc9a9525f
- SHA256
  
  bbfd3959ef22e9fa18ed11cbc9b8f31ac36e86f0d055d2c57b81ee19f9c54175
- SHA512
  
  c613ece1002132dfacf60eb41a0d1910e3e3c314db9b53f13b9e9eb34c4db9553538f3fc12f22c3ddf5ca705a53f64517783b292c240c20ec0d002a8e202144b
Score

10^/10

agenttesla snakebot collection coreentity evasion keylogger rezer0 snakebot spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- SnakeBOT
  SnakeBOT is a heavily obfuscated .NET downloader.
  snakebot
- AgentTesla Payload
- Contains SnakeBOT related strings
  snakebot
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

SnakeBOT

AgentTesla Payload

Contains SnakeBOT related strings

ReZer0 packer

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2