agenttesla

General

Target

chappo_3_days_key_new.rar
Size

17.7MB
Sample

240427-z4hk7aha3w
MD5

abaac60d2349aef781d8697b26a09442
SHA1

f48b43b226cbbf16852f8c27710367c696b291e9
SHA256

f6c17feb9634d46a34ba851526576f947805135b368ff079936cdf0492553f70
SHA512

b4724a24e11000ae90e6a089125bbc4b140faab194d8f2dc4fb69b3f2112d4181c671bb242cf635dabd25b29071a3cdf1548d94ce06d7d14fd2c8ff2954dbcac
SSDEEP

393216:L3nwfyVg2kesEiwEOQ3kh+EjiRdiEAPo+kyfsC0Zwt5cnL0xfttDFBnUD9:zHaL1OQ+jjEAPo+kyfsCiU5co7tJG9

Score

10^/10

Malware Config

Targets

- Target
  
  chappo_3_days_key_new.rar
- Size
  
  17.7MB
- MD5
  
  abaac60d2349aef781d8697b26a09442
- SHA1
  
  f48b43b226cbbf16852f8c27710367c696b291e9
- SHA256
  
  f6c17feb9634d46a34ba851526576f947805135b368ff079936cdf0492553f70
- SHA512
  
  b4724a24e11000ae90e6a089125bbc4b140faab194d8f2dc4fb69b3f2112d4181c671bb242cf635dabd25b29071a3cdf1548d94ce06d7d14fd2c8ff2954dbcac
- SSDEEP
  
  393216:L3nwfyVg2kesEiwEOQ3kh+EjiRdiEAPo+kyfsC0Zwt5cnL0xfttDFBnUD9:zHaL1OQ+jjEAPo+kyfsCiU5co7tJG9
Score

3^/10
behavioral1
- Target
  
  chappo 3 days key new/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c97f23b52087cfa97985f784ea83498f
- SHA1
  
  d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
- SHA256
  
  e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
- SHA512
  
  ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
- SSDEEP
  
  49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score

1^/10
behavioral2
- Target
  
  chappo 3 days key new/arfarf_protected.exe
- Size
  
  17.2MB
- MD5
  
  e235f21d7011f180d78ee3ef14a242da
- SHA1
  
  a5b61d7126cd4a5b98faf765dcab344bf4a61aef
- SHA256
  
  9ee7c83712c548764248b9aebec255d7678197ae3fb8c6947e93cd0a8c113249
- SHA512
  
  8605961845973597739f8a7184987593e61bf8cba582d2fda22f58ad9515644c39b4e0eb2e4c853203efeefc250756083043ed341283695a4c11cfad2e94731d
- SSDEEP
  
  393216:rJN6WaFIrwSZc1ujdGtZjq4HsuEaBtz4rUrlB7WBGB:D6WoAwzsQZdHsCtz4G6gB
Score

10^/10

agenttesla evasion keylogger spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

System Information Discovery

5

T1082

Query Registry

5

T1012

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

AgentTesla payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks BIOS information in registry

Executes dropped EXE

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3