agenttesla | e3f18448db706644cd729bf5be9d94dd322cf4d00f439a9ca0b1768afb1de9d9 | Triage

Submit
Reports

Overview

overview

Static

static

3

REX Obfuscator.exe

windows10-2004-x64

Sharing

General

Target

REX_Obfuscator.rar
Size

3.1MB
Sample

240326-kgla8sec99
MD5

f162d62f61055f2bfb7dd35a60265502
SHA1

808a61bcbbea08359fa8b5767a64ecf49fd74895
SHA256

e3f18448db706644cd729bf5be9d94dd322cf4d00f439a9ca0b1768afb1de9d9
SHA512

a659dc4253cb31c43582d6d289775dc0f15bd346f198fd5a7d406db2d808193a5352c19a9218d995495967f56d59e7391732c8b7ff5337c5b097146c90a05d32
SSDEEP

98304:V/EBAJEKyDruwrL5bjJOYHHoUZo55JtQ/5knvxz4:xSKoruItjJOoHo35NSOJz4

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

REX Obfuscator.exe

Resource

win10v2004-20240226-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  REX Obfuscator.exe
- Size
  
  4.1MB
- MD5
  
  6b5501b9e9a8ca4e53b3ea6f0d0f1db9
- SHA1
  
  19df7d4b6aabf5d72d3ffe89e4ec130ff1001124
- SHA256
  
  f3a45fdc397b1eec7c45664681d566cb68d36701c1f1754ddc2dcb9a439a70f8
- SHA512
  
  3970a9e72dcaf82acf0a32c2bceb3ab2bb87614d79e893a318fbc5971f41a310911037ce5c4081aaebb7084ba9747a5d8a020ac8032fbfc8c1c1aabaf6b888a9
- SSDEEP
  
  49152:kUUd3LmqgfVwPns0hPEwNYRjLDtAgEGiSKbKmdQxrOL79l523xLJcIF:kUUd3L9gt2h8IYRjL5AHFSKO5g9l520g
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy