Extracted

• • Target

    SecuriteInfo.com.Trojan.GenericKDS.61003313.28347.30183.exe

  • Size

    6.5MB

  • MD5

    e4adddb58c2cb3c3eeae97d9a9c815ce

  • SHA1

    ca3693bc89716a7d7ea35639936fce0c41c67bdf

  • SHA256

    9d0cd2b1f470af7bba55345850c4f2b24ba96b9c4c361e4ff75c14a72bb3e7de

  • SHA512

    09bb413e88e7de81f799719be5d8b2af4d6c56a6d1d79082b26327e9617e7dbb07c5cbb084c2a85efd55ec1f168b6d8efb6484181956a6ae4e016600fe7d3bd3

  • SSDEEP

    24576:oPXKp7DSnjNBRJzLfMm1cihUb5PXKp7DSnjNBRJzLfMm1cihUb:oPXKp7+pzJznrh65PXKp7+pzJznrh6

  Score

  10^/10

  agentteslacollectionevasionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Sets service image path in registry

    persistence

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Accesses Microsoft Outlook profiles

    collection

  • Checks whether UAC is enabled

    evasiontrojan

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2