agenttesla | 2ab087bb4ed0cd582d516182549de9755c5972a8955cddaa95675e93610cb993 | Triage

Submit
Reports

Overview

overview

Static

static

7

SaturnX-F2.exe

windows10-1703-x64

Resubmissions

03-12-2023 00:19

231203-amk8bage59 10

Sharing

General

Target

SaturnX-F2.exe
Size

2.9MB
Sample

231203-amk8bage59
MD5

406377b13d97be6601b006bd542ebed7
SHA1

65a9cc706a89c0d0bd832ed0af5cb2b06826711c
SHA256

2ab087bb4ed0cd582d516182549de9755c5972a8955cddaa95675e93610cb993
SHA512

02c0143c6a8da45325dc3b912ae9b517d6007d55af6da9f35638bd9160693a8ec7d4b7794728d32eea93d42d8a0857f1d475489bd1e1daefb98639b0ea5bef84
SSDEEP

49152:gxlRxlWfZ628CpyVEiUa5z8QE2j8e4go6oQhZsukz:gPRPWfM27b7e4go6xhZsD

Score

10^/10

agenttesla agilenet evasion keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

SaturnX-F2.exe

Resource

win10-20231129-en

agenttesla agilenet evasion keylogger spyware stealer trojan

windows10-1703-x64

17 signatures

1200 seconds

Malware Config

Targets

- Target
  
  SaturnX-F2.exe
- Size
  
  2.9MB
- MD5
  
  406377b13d97be6601b006bd542ebed7
- SHA1
  
  65a9cc706a89c0d0bd832ed0af5cb2b06826711c
- SHA256
  
  2ab087bb4ed0cd582d516182549de9755c5972a8955cddaa95675e93610cb993
- SHA512
  
  02c0143c6a8da45325dc3b912ae9b517d6007d55af6da9f35638bd9160693a8ec7d4b7794728d32eea93d42d8a0857f1d475489bd1e1daefb98639b0ea5bef84
- SSDEEP
  
  49152:gxlRxlWfZ628CpyVEiUa5z8QE2j8e4go6oQhZsukz:gPRPWfM27b7e4go6xhZsD
Score

10^/10

agenttesla agilenet evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaagilenetevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy