Overview

overview

10

Static

static

3

CheatoSpoofer.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CheatoSpoofer.zip

  • Size

    31.7MB

  • Sample

    240526-dp3rxscg7w

  • MD5

    2a58f22766d0573537ca239ee1ad47a8

  • SHA1

    a1689668104910f5cd70e94c3f2b8a02c12e619e

  • SHA256

    aed6a5da30700be3079cb9f16447e289967740499f1acce297010fe8585b1add

  • SHA512

    e20f6e45b35591a3b2273a9bfb57a6461a6d7bbcbb5958889eb63bff649c9e8b335534bf876cf46e799d5480fa8ab7c1ad29a25bc959c850618952f1e978f22b

  • SSDEEP

    786432:MM0qE/lSBCxZ4hFcq/HPAOngY+sVdC5YPlDbI8E1xg+ZXXGWgBXjuxC+5:Mlq+Z4hKwvAVY7OqVbI/K+ZXWWgFd+5

Score
10/10
agentteslaagilenetkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      CheatoSpoofer.exe

    • Size

      31.7MB

    • MD5

      d55cc4db0fc8dbffe183f78205ec03fa

    • SHA1

      f02664f6276a1b88ecb14efb4e7c7d9b0747c7d6

    • SHA256

      a3c5ad53ca0367b79c56cb0dc0c42484b9a4e7fa77290ca6ec233f94cacf1e8b

    • SHA512

      b26aaae019111d5e23fb293de30380646770dcd31e146edfaff37904f5dc78ac2504050d647d4f212ad42f14a9193a7dc6ef7171f30f356b023fd129e94ec251

    • SSDEEP

      786432:0lH0ByeGkm9QxG774aXrKE/Awx7PL/PlTe0P98qtyXU:s6yesGWnbK5EPL/PlCk60q

    Score
    10/10
    agentteslaagilenetkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks