Overview

overview

10

Static

static

3e88c09381...5f.exe

windows7-x64

10

3e88c09381...5f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f.exe

  • Size

    469KB

  • Sample

    221208-ns2ddahh28

  • MD5

    9cd5ea2d2fdc3f6a69d0c87be7a64c22

  • SHA1

    62b83c1c2f82185f2f62918e7b34d477c43b5fdc

  • SHA256

    3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f

  • SHA512

    d4fe9b5b75b804b9ea9851a05f37b9f79cccf545e53c2c1e387bd1f69c31e2e84886796a5e4aa910744abd1121b76db055ec504ffc5652264b54799ebb7ebfbe

  • SSDEEP

    12288:SIkGAjyp8qqxzmWnwsXz9L2xRmfipJ19SHWFH8Pmrb:SIkGAmDq5mWwsXZeRmkogH8Pm3

Score
10/10
agentteslacollectionevasionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5482315235:AAGwacbjVLMaBQENAXUuPyVg-cvhlK0vn-w/

Targets

    • Target

      3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f.exe

    • Size

      469KB

    • MD5

      9cd5ea2d2fdc3f6a69d0c87be7a64c22

    • SHA1

      62b83c1c2f82185f2f62918e7b34d477c43b5fdc

    • SHA256

      3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f

    • SHA512

      d4fe9b5b75b804b9ea9851a05f37b9f79cccf545e53c2c1e387bd1f69c31e2e84886796a5e4aa910744abd1121b76db055ec504ffc5652264b54799ebb7ebfbe

    • SSDEEP

      12288:SIkGAjyp8qqxzmWnwsXz9L2xRmfipJ19SHWFH8Pmrb:SIkGAmDq5mWwsXZeRmkogH8Pm3

    Score
    10/10
    agentteslacollectionevasionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Accesses Microsoft Outlook profiles

      collection

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

4
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

2
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks