General

  • Target

    FiSxy.zip

  • Size

    9.3MB

  • Sample

    240713-vft7vs1fkh

  • MD5

    650d64dbb75d0ba23e6105649d256ac7

  • SHA1

    595f5d6f2a6f8f4ace5f9edacc6fb9017c5e9ce1

  • SHA256

    1e47c7e10cb41f79fc9943deacae0b4f3014e4c8c3c9ba8b3bbf9826fc3b9b3d

  • SHA512

    50b387cf56482d2c504b6fdfdb4098a65edaa3a24382f4a541b44f8f02ec18c527f8c7b6c711745648b4a4eb1fd4cca49fdab6a0f3551bf64e212a5633c8a713

  • SSDEEP

    196608:YjVbYq3cKy25QdwKdqyxGm4xh96XEfCektMoBp4MJ604kqwEsqIUfg:YNY6cKy25EjdCZxL6XEfN683kqwbqIUI

Malware Config

Targets

    • Target

      FiSxy.zip (size and hashes as listed under General above)

    Score
    1/10
    • Target

      FiSxy.dll

    • Size

      3.9MB

    • MD5

      061fdd662748fe013e43e81975f95643

    • SHA1

      80c2433e76ef79bfca8fd3d4ed02d80f950ab823

    • SHA256

      eae09a7de68e9e5e7645a45f5eaa047ea57b4c4ee9aedb3d60e7669b7ff8a204

    • SHA512

      382520a4c8c9fb4b25e0c30bcea8cfd7ca7b4f24b98b1dca269a50acf17a7950e309b5302fb9a92daacbc5111fc2475aa8be5a91d6156e52aad8a5a6e4e0df79

    • SSDEEP

      98304:czidru0KxLVN9NMjXGi2CoR6DbXRi8Aue8A:cziu00Lh6jS6DbXYXu

    Score
    1/10
    • Target

      Ware.exe

    • Size

      5.8MB

    • MD5

      99a1de57017fe4a11903d9118db625f7

    • SHA1

      dfe45154c5ca78e738241bb1f1c921cd636f888f

    • SHA256

      73ff593b78962cfb92c6f014b347f2da92e97888130d73d841cfe5739411a4db

    • SHA512

      fe64cc2a381dbfa69dba944f3edd1abe9b5573f13a34ccefca0c3f0c9dc7688b92c4815bbe5fffd8cabb578d3f918731501051f979f88f8cd09054a1f81419f4

    • SSDEEP

      98304:WkhBYd7JXyDh4pCLGqkcck/c3tyyKNLfF4o/4MqgQGzMpS8NrWm2Kis:WkYd7JiV43qEk/cYPzuo/4MqgQ4CS26e

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks