agenttesla | e1eb6222a8e97a11a12b0306cc2084152d2c53e4969178c8dcc3d94012fcdad2 | Triage

Submit
Reports

Overview

overview

Static

static

3

c22581a6e2...53.exe

windows7-x64

c22581a6e2...53.exe

windows10-2004-x64

Sharing

General

Target

c22581a6e275d276141977cf7eb50853
Size

488KB
Sample

240312-b69kpaee43
MD5

c22581a6e275d276141977cf7eb50853
SHA1

bdf5f8adbeefd1776a1225f2fff84dcbff19faf1
SHA256

e1eb6222a8e97a11a12b0306cc2084152d2c53e4969178c8dcc3d94012fcdad2
SHA512

ffeecb806e2d61bbfc9cd2647a591cb63aba0269a17cda73fbc94104fe189a9ace5e4233dcbae9d1e4fe49ffd3649b6d5323c8de93e099e993af06ec3a0d8bc1
SSDEEP

12288:Pi7n6QjBtbKjD/AkVmSc0NhOLS26ni/WlQ0EC:q7nhvbKvfmkALKi/Wq0E

Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c22581a6e275d276141977cf7eb50853.exe

Resource

win7-20240221-en

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

c22581a6e275d276141977cf7eb50853.exe

Resource

win10v2004-20240226-en

agenttesla evasion keylogger rezer0 spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rajapindah.com
Port:
587
Username:
rizky@rajapindah.com
Password:
#r4j#citeureup#13

Targets

- Target
  
  c22581a6e275d276141977cf7eb50853
- Size
  
  488KB
- MD5
  
  c22581a6e275d276141977cf7eb50853
- SHA1
  
  bdf5f8adbeefd1776a1225f2fff84dcbff19faf1
- SHA256
  
  e1eb6222a8e97a11a12b0306cc2084152d2c53e4969178c8dcc3d94012fcdad2
- SHA512
  
  ffeecb806e2d61bbfc9cd2647a591cb63aba0269a17cda73fbc94104fe189a9ace5e4233dcbae9d1e4fe49ffd3649b6d5323c8de93e099e993af06ec3a0d8bc1
- SSDEEP
  
  12288:Pi7n6QjBtbKjD/AkVmSc0NhOLS26ni/WlQ0EC:q7nhvbKvfmkALKi/Wq0E
Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerrezer0spywarestealertrojan

© 2018-2024

Terms | Privacy