agenttesla | b9c18ef61a449ae2b7a6a103544b7cd7f851039c2c9d660befbeb0bab40ace5d | Triage

Submit
Reports

Overview

overview

Static

static

3

ToX Premiu....2.exe

windows10-2004-x64

Sharing

General

Target

ToX Premium Utility v2.2.exe
Size

16.0MB
Sample

240329-sh7jvsbf66
MD5

66c8c9ada0060c91c74387feedc9cd9b
SHA1

f50449be945321e9fdb8bd5844a33d979f28f98e
SHA256

b9c18ef61a449ae2b7a6a103544b7cd7f851039c2c9d660befbeb0bab40ace5d
SHA512

310b438512cfa0482cb20b6246b747c3aa513705a5ad6f3dc1ad01d7c60511ea08a6cd5120b8715992cd04f0526816062e734eb0026fce91df6f23334158ac40
SSDEEP

196608:6l5D6g1Bn5g5vNdrdvfHq1X2DbbDU+GiT2ByiZ0gxNm/5:6lccwfHvfHq1X2TIFiwxNmh

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ToX Premium Utility v2.2.exe

Resource

win10v2004-20240226-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  ToX Premium Utility v2.2.exe
- Size
  
  16.0MB
- MD5
  
  66c8c9ada0060c91c74387feedc9cd9b
- SHA1
  
  f50449be945321e9fdb8bd5844a33d979f28f98e
- SHA256
  
  b9c18ef61a449ae2b7a6a103544b7cd7f851039c2c9d660befbeb0bab40ace5d
- SHA512
  
  310b438512cfa0482cb20b6246b747c3aa513705a5ad6f3dc1ad01d7c60511ea08a6cd5120b8715992cd04f0526816062e734eb0026fce91df6f23334158ac40
- SSDEEP
  
  196608:6l5D6g1Bn5g5vNdrdvfHq1X2DbbDU+GiT2ByiZ0gxNm/5:6lccwfHvfHq1X2TIFiwxNmh
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy