agenttesla | f8aba5d136b8edf52385e9bb5efd03f4ac6e99f6ae3d5574b9b88cee35ec19e3 | Triage

Submit
Reports

Overview

overview

Static

static

3

KNX.exe

windows7-x64

KNX.exe

windows10-2004-x64

Sharing

General

Target

KNX.exe
Size

1.7MB
Sample

240727-y3xhaayhqf
MD5

2842e47311b96d8b87a2898c7ec55f0a
SHA1

9c0bca94fb062fe437680b1a7d8f86c7558b25d9
SHA256

f8aba5d136b8edf52385e9bb5efd03f4ac6e99f6ae3d5574b9b88cee35ec19e3
SHA512

d0e729294d73427bbec6c2fea81209bed173783d7ca66f12220761e0546b87f87a7b27b4981532b4665113c41d5a054a413e9ad3224c00467bd7b17070c0d72d
SSDEEP

49152:+n4H5eOWqlo8ugf58GHD5BR6oS4vtxxT08+6hvvb/7gxMQkN:+n4HkOWoduZID5Cx4vycveJkN

Score

10^/10

agenttesla discovery evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

KNX.exe

Resource

win7-20240704-en

agenttesla discovery evasion keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

KNX.exe

Resource

win10v2004-20240709-en

agenttesla discovery evasion keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  KNX.exe
- Size
  
  1.7MB
- MD5
  
  2842e47311b96d8b87a2898c7ec55f0a
- SHA1
  
  9c0bca94fb062fe437680b1a7d8f86c7558b25d9
- SHA256
  
  f8aba5d136b8edf52385e9bb5efd03f4ac6e99f6ae3d5574b9b88cee35ec19e3
- SHA512
  
  d0e729294d73427bbec6c2fea81209bed173783d7ca66f12220761e0546b87f87a7b27b4981532b4665113c41d5a054a413e9ad3224c00467bd7b17070c0d72d
- SSDEEP
  
  49152:+n4H5eOWqlo8ugf58GHD5BR6oS4vtxxT08+6hvvb/7gxMQkN:+n4HkOWoduZID5Cx4vycveJkN
Score

10^/10

agenttesla discovery evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryevasionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy