agenttesla | 3315f6f2235050638ef65d91c63bd8454f2ad07f08a04ab1ab6e8b6eab65361b | Triage

Submit
Reports

Overview

overview

Static

static

3

75947213cd...45.exe

windows7-x64

75947213cd...45.exe

windows10-2004-x64

Sharing

General

Target

75947213cdcf840dece785dfffcc4045
Size

488KB
Sample

231226-rst6vafaak
MD5

75947213cdcf840dece785dfffcc4045
SHA1

0279145121d57d99bccca8385ed8eda6ebd5d8d2
SHA256

3315f6f2235050638ef65d91c63bd8454f2ad07f08a04ab1ab6e8b6eab65361b
SHA512

0c82d0d30b2a869b93950a85af77ee7af3fa14cb8e5dd5d9726eaa9278b9f661e0186050ef11ace3081d1972ee5b32023386b4fc3f3f9c6b116fa60c9adccb0f
SSDEEP

12288:Oi7n6QjBtbKjD/AkVmSc0NhOLS26ni/WlQ0ECb:b7nhvbKvfmkALKi/Wq0Ec

Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

75947213cdcf840dece785dfffcc4045.exe

Resource

win7-20231215-en

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

75947213cdcf840dece785dfffcc4045.exe

Resource

win10v2004-20231215-en

agenttesla evasion keylogger rezer0 spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rajapindah.com
Port:
587
Username:
rizky@rajapindah.com
Password:
#r4j#citeureup#13

Targets

- Target
  
  75947213cdcf840dece785dfffcc4045
- Size
  
  488KB
- MD5
  
  75947213cdcf840dece785dfffcc4045
- SHA1
  
  0279145121d57d99bccca8385ed8eda6ebd5d8d2
- SHA256
  
  3315f6f2235050638ef65d91c63bd8454f2ad07f08a04ab1ab6e8b6eab65361b
- SHA512
  
  0c82d0d30b2a869b93950a85af77ee7af3fa14cb8e5dd5d9726eaa9278b9f661e0186050ef11ace3081d1972ee5b32023386b4fc3f3f9c6b116fa60c9adccb0f
- SSDEEP
  
  12288:Oi7n6QjBtbKjD/AkVmSc0NhOLS26ni/WlQ0ECb:b7nhvbKvfmkALKi/Wq0Ec
Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy