agenttesla | a0dee72c5357c474929e083d2205d18b00fedb479ba4fba32fffc91c3d32c6b9 | Triage

Submit
Reports

Overview

overview

Static

static

3

REXObfuscator.exe

windows10-2004-x64

REXObfuscator.exe

windows11-21h2-x64

Sharing

General

Target

REXObfuscator.exe
Size

4.9MB
Sample

240430-a4qt5afb76
MD5

c80af0de7960d66227c20901ad220feb
SHA1

83fe8468210035bbb2c24b50645a11e62fb377bd
SHA256

a0dee72c5357c474929e083d2205d18b00fedb479ba4fba32fffc91c3d32c6b9
SHA512

f34e1a276cd3db5676e5d6ef92343f1d456c72e93024cf9bde817bf6a3ae0aa9f903123b3796862fa28e1e8cbcf1271bb77f96ac4f699a79ddab1134fb924f13
SSDEEP

98304:Fz/2M3gz6lUcoD83VAZGtqEnQcvytg1ucK3t:V/2M3/lfXlAZXEnQcaeucK3t

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

REXObfuscator.exe

Resource

win10v2004-20240419-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

REXObfuscator.exe

Resource

win11-20240426-en

agenttesla evasion keylogger spyware stealer trojan

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  REXObfuscator.exe
- Size
  
  4.9MB
- MD5
  
  c80af0de7960d66227c20901ad220feb
- SHA1
  
  83fe8468210035bbb2c24b50645a11e62fb377bd
- SHA256
  
  a0dee72c5357c474929e083d2205d18b00fedb479ba4fba32fffc91c3d32c6b9
- SHA512
  
  f34e1a276cd3db5676e5d6ef92343f1d456c72e93024cf9bde817bf6a3ae0aa9f903123b3796862fa28e1e8cbcf1271bb77f96ac4f699a79ddab1134fb924f13
- SSDEEP
  
  98304:Fz/2M3gz6lUcoD83VAZGtqEnQcvytg1ucK3t:V/2M3/lfXlAZXEnQcaeucK3t
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerspywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy