Overview

overview

10

Static

static

1

file.html

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    176KB

  • Sample

    240522-2y7z1acc98

  • MD5

    beea526c04bd21a7f0022a826bd6b96c

  • SHA1

    61ed1bd1ca9059f0f1f77b8fe99595cfaf1ed52d

  • SHA256

    3f07778f987fe85d9fd96e1437a1cabee3fe806d198577f494a3acdb4a484ab8

  • SHA512

    6fd63736145aed940b0a152320634eeaef1bfa41d17ff853de3ec6d49bc3bb2898900ad8181c6f66ba7710848171347909cedc1eeefbee2716451d782e52085f

  • SSDEEP

    1536:titCl50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/Rl3317TzkeH:tiKgAkHnjPIQ6KSEX/OHmp4kq4

Score
10/10
agentteslaevasionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      file

    • Size

      176KB

    • MD5

      beea526c04bd21a7f0022a826bd6b96c

    • SHA1

      61ed1bd1ca9059f0f1f77b8fe99595cfaf1ed52d

    • SHA256

      3f07778f987fe85d9fd96e1437a1cabee3fe806d198577f494a3acdb4a484ab8

    • SHA512

      6fd63736145aed940b0a152320634eeaef1bfa41d17ff853de3ec6d49bc3bb2898900ad8181c6f66ba7710848171347909cedc1eeefbee2716451d782e52085f

    • SSDEEP

      1536:titCl50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/Rl3317TzkeH:tiKgAkHnjPIQ6KSEX/OHmp4kq4

    Score
    10/10
    agentteslaevasionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Downloads MZ/PE file

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks