Overview

overview

10

Static

static

1

file.html

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    176KB

  • Sample

    240523-af1pesed49

  • MD5

    6bc5d3a03c1743a427da3619a602b852

  • SHA1

    f5c61c9b60b9009b015c89e4f1d8ae8f7bb545ab

  • SHA256

    1dac9bf886bee2e9d288c39d1cd1e3d8507a923c63786a31342ea95f94808dc3

  • SHA512

    060093bde4373d6b114ee196418878dd08da2de3d0a345d57ad9ab0b8fae4a8a855fe59bc7c597b2792c6498b9e3dede699b401ded222101d60d799a8aeefdf9

  • SSDEEP

    1536:titCl50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/xl3217Tzkeq:tiKgAkHnjPIQ6KSEX/5Hm/4Kz4

Score
10/10
agentteslaevasionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      file

    • Size

      176KB

    • MD5

      6bc5d3a03c1743a427da3619a602b852

    • SHA1

      f5c61c9b60b9009b015c89e4f1d8ae8f7bb545ab

    • SHA256

      1dac9bf886bee2e9d288c39d1cd1e3d8507a923c63786a31342ea95f94808dc3

    • SHA512

      060093bde4373d6b114ee196418878dd08da2de3d0a345d57ad9ab0b8fae4a8a855fe59bc7c597b2792c6498b9e3dede699b401ded222101d60d799a8aeefdf9

    • SSDEEP

      1536:titCl50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/xl3217Tzkeq:tiKgAkHnjPIQ6KSEX/5Hm/4Kz4

    Score
    10/10
    agentteslaevasionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

5
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks