Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14
General
Target
Size
Sample
f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14
463KB
220521-xhzapsbgf4
Score
10 /10
MD5
SHA1
SHA256
SHA512
50f922cbe8b8e426906c0975945f3da8
84fe0d182c9e362763fca61948e98de49e1bb6f1
f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14
d3eb19fd199bbd9d33b8b84f771ed6a5f68c8e99c95baeef5185c2f20d3d63ef113e9fd19cf9b2e5def73bc1781b6e50eecf105c6b81b684ab13caa0852f8feb
Malware Config
Extracted
| Family | agenttesla |
| Credentials | Protocol: smtp Host: mail.hotel71.com.bd Port: 587 Username: chat@hotel71.com.bd Password: 9+^va&phP1v9 |
Targets
Target
MD5
Filesize
duk (3).exe
04b191c4242a98c5b14ed1de9c61ef8c
511KB
Score
10/10
SHA1
SHA256
SHA512
4c4fafb67933eb18100acdc76128f42dc9a9525f
bbfd3959ef22e9fa18ed11cbc9b8f31ac36e86f0d055d2c57b81ee19f9c54175
c613ece1002132dfacf60eb41a0d1910e3e3c314db9b53f13b9e9eb34c4db9553538f3fc12f22c3ddf5ca705a53f64517783b292c240c20ec0d002a8e202144b
Tags
Signatures
-
AgentTesla
-
CoreEntity .NET Packer
Description
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
Tags
-
SnakeBOT
Description
SnakeBOT is a heavily obfuscated .NET downloader.
Tags
-
AgentTesla Payload
-
Contains SnakeBOT related strings
Tags
-
ReZer0 packer
Description
Detects ReZer0, a packer with multiple versions used in various campaigns.
Tags
-
Disables Task Manager via registry modification
Tags
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks