agenttesla

Sharing

Copy URL Twitter E-mail

General

Target

Velocity 713.7z
Size

38.9MB
Sample

240720-bjhtfstakd
MD5

600db85d0896bd4ca64d3e1cf28d0d6c
SHA1

53b07fda993398ff39b15ad9f9af9e0a72d116d6
SHA256

fcd4d4b1141a138caa8ff7d192b533b45dd421f0a72ca1d2779ad27e5548ff5b
SHA512

60ef4034e55e3ef47d597fc81bf6c259b68c7ca086c14f24d2fcd783540245bd050b737e4c7ae6e8ef75b96d22bba91d528990e3449c5de87ee97b18d5f1c67c
SSDEEP

786432:1aGIgd3ChvuFQaaMHvNn2lMCKaLO1TVEQYoa4afxFqlQS8SdU9ztNOb4nBW:tSFQ7aMPNnUDhO1T1pcvOQSPiObl

Score

10^/10

Malware Config

Targets

- Target
  
  Velocity 713.7z
- Size
  
  38.9MB
- MD5
  
  600db85d0896bd4ca64d3e1cf28d0d6c
- SHA1
  
  53b07fda993398ff39b15ad9f9af9e0a72d116d6
- SHA256
  
  fcd4d4b1141a138caa8ff7d192b533b45dd421f0a72ca1d2779ad27e5548ff5b
- SHA512
  
  60ef4034e55e3ef47d597fc81bf6c259b68c7ca086c14f24d2fcd783540245bd050b737e4c7ae6e8ef75b96d22bba91d528990e3449c5de87ee97b18d5f1c67c
- SSDEEP
  
  786432:1aGIgd3ChvuFQaaMHvNn2lMCKaLO1TVEQYoa4afxFqlQS8SdU9ztNOb4nBW:tSFQ7aMPNnUDhO1T1pcvOQSPiObl
Score

3^/10
behavioral1 behavioral2
- Target
  
  Velocity 713/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c97f23b52087cfa97985f784ea83498f
- SHA1
  
  d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
- SHA256
  
  e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
- SHA512
  
  ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
- SSDEEP
  
  49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score

1^/10
behavioral3 behavioral4
- Target
  
  Velocity 713/Velocity Spoofer.exe
- Size
  
  19.7MB
- MD5
  
  6cb66ac3e7d224dcf60fce2902f50d4b
- SHA1
  
  2bf70cf93d9d6ac13916c2affb610f2c6a885764
- SHA256
  
  dd2f3d7118883fd2d37095ff4abf738f99a23e801935671a56a85594aa6ceb04
- SHA512
  
  1ad4eb84196ff724f715b7338e08c1591fdcb28ddf0786e42cf02fcdcab05cd941e3b0bf43f39705f865ddf77dd9a2c82625441008fb5cd7b890b2bc94f73b39
- SSDEEP
  
  393216:l4qMf3RuoaX5L7nFv2TGIlkeBqkRbfxL9tMtbmE/WUnwbZSDUX:lPMvRU1rl+GxeBqkltMtV/WUnwbZ1
Score

10^/10

agenttesla evasion keylogger persistence spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies visiblity of hidden/system files in Explorer
  evasion
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  Velocity 713/key.txt
- Size
  
  43B
- MD5
  
  c7fe987ea952b2a3621c2a124df607e1
- SHA1
  
  27b33c13397e1a7a32e796414089c7d84e588ca3
- SHA256
  
  f2ea53349745adf75b983c7d1e9c5b43b8d03160ed14eb592f7579eb5d07d237
- SHA512
  
  a8b64001726db10e6ad6c40e7d2b2d0755bae6e0c1ea288fe7779b2faee50f23ec25bd01d7d22095b476c690b9d4f83320ac2b45a31e119e27334d1c7c12064a
Score

1^/10
behavioral7 behavioral8
- Target
  
  Velocity 713/velocity spoofer.exe
- Size
  
  19.6MB
- MD5
  
  0043cb93d8ff5d31698fc8682905ed21
- SHA1
  
  91579a84f56c6850e9e996508f86cccccbca6744
- SHA256
  
  e1b9f69a162f2d05059269bc8da64c6f1d1f799e8da5010545b2f490f6a370b4
- SHA512
  
  d61683d0d72403e6d88b8e678c2b3834790611a587a4b7f043d0ddec9619c03aa9293afd16f71a442133ccb793fa0fe5975066a1f0817d19b835683b472a9471
- SSDEEP
  
  393216:u4qMf3RuoaX5L7nFv2TGIlkeBqkRbfxL9tMtbmE/WUnwbZSDU:uPMvRU1rl+GxeBqkltMtV/WUnwbZ
Score

10^/10

agenttesla evasion keylogger spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9