agenttesla

General

Target

Crystal_Temp_Perm.zip
Size

7.9MB
Sample

240326-ya2arsdc91
MD5

2b1df1859620c761d8e57c992f1bf88a
SHA1

3a18a399370486a300d424f5f279281bc67b2985
SHA256

a140b83fdaa58e7b736f54e6c03b6013edb4e6e39ea54466d07bd381bc551f3d
SHA512

4630042b47aa7d3be2dcbd3745c4e7fc12c709300143c2dd15fdb4291d106e92e45728f4ab8d131718208195a2bc3e0bad10c8a9fc975db5e4f48370e11d3486
SSDEEP

196608:d8cptv0V2yDw7ULMB7hroYvYM6prkiNhIQrRsTX85zW9:acxktMB7hrosYM6JjhIQNsrV9

Score

10^/10

Malware Config

Targets

- Target
  
  Crystal Temp+ Perm/Aremi v3_protected.exe
- Size
  
  5.8MB
- MD5
  
  30818cad2e5983aa365339ac70ed29ec
- SHA1
  
  76c48c83c2d891f9a307b3a087b7ca29b844c06e
- SHA256
  
  8a956dd81ce0c500f2a8ca58febde609733686dae94c91263ad7bc560e4ba9a4
- SHA512
  
  a33f0a91f7fb37996bad0992256c23d83b78fb7335c28c257fb4b97648eb69a7399f47486b61c16a1890e5139891ad70ffbd677ec4edadb62aaac702384e12a3
- SSDEEP
  
  98304:HqvT9n5S50x9ojeVlqHOEULzgLOLkD9KCAbN3pwim/OIgWMDgdMCMDgx:K7TSypVlASLzsJ9KdNZ6gWMDgdMCMDgx
Score

10^/10

agenttesla evasion keylogger persistence spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies visiblity of hidden/system files in Explorer
  evasion
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  Crystal Temp+ Perm/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral2
- Target
  
  Crystal Temp+ Perm/aremi v3.exe
- Size
  
  1.6MB
- MD5
  
  1b49c25d797f1a978d11c8334d693995
- SHA1
  
  16f8272975123b5f2e1af72c038a30737823c3e1
- SHA256
  
  7ab837a255697285865c093d5c6fe44f36e0cf72febaabbdc97634fdae0a4f69
- SHA512
  
  0f28f88380dc1bccdad371dd1f19927706fad760c6c5a2f3a6b4072fb772234533148f3d990c42d13c1f683536f1b1974b7c8412d5158643af07cb1a9c5a3ebf
- SSDEEP
  
  24576:X41t5iCct5iCD+Mvpt5iCct5iCc+Mvr+Mvpt5iCct5iCg:IgWMvLgdMv6MvLg
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral3
- Target
  
  Crystal Temp+ Perm/aremi v3_protected.exe
- Size
  
  1.6MB
- MD5
  
  1b49c25d797f1a978d11c8334d693995
- SHA1
  
  16f8272975123b5f2e1af72c038a30737823c3e1
- SHA256
  
  7ab837a255697285865c093d5c6fe44f36e0cf72febaabbdc97634fdae0a4f69
- SHA512
  
  0f28f88380dc1bccdad371dd1f19927706fad760c6c5a2f3a6b4072fb772234533148f3d990c42d13c1f683536f1b1974b7c8412d5158643af07cb1a9c5a3ebf
- SSDEEP
  
  24576:X41t5iCct5iCD+Mvpt5iCct5iCc+Mvr+Mvpt5iCct5iCg:IgWMvLgdMv6MvLg
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral4