agenttesla | 559edbe0910c66ecf21bb766dd14dc30f1db8153379c72410d4a88623611e477 | Triage

Submit
Reports

Overview

overview

Static

static

7

Burgies+Fr...+1.exe

windows10-1703-x64

Sharing

General

Target

Burgies+Free+Temp+1.exe
Size

6.1MB
Sample

240829-dv4w6s1erd
MD5

2d39790330e84baeb49b0703b529b8b1
SHA1

5f782112dddcc6c949a05d93415a007823a43f08
SHA256

559edbe0910c66ecf21bb766dd14dc30f1db8153379c72410d4a88623611e477
SHA512

fa21704ec51978fcd88af78afb7332a508364fc04d4ab297dd76483aa12fa57911d60d6d19212b9bbec47c28f6373aa29a306681f2dfa50140081e3466b8ac41
SSDEEP

98304:kF4FpDrHCezJxEi4dPkxtF0Ix2DlxjILMC6kXDTGPW5S3jT+ff+sX3iiZokdnT:k+5CKkViPFN6fPyS32fd3tokp

Score

10^/10

agenttesla discovery evasion keylogger persistence spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Burgies+Free+Temp+1.exe

Resource

win10-20240404-en

agenttesla discovery evasion keylogger persistence spyware stealer themida trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  Burgies+Free+Temp+1.exe
- Size
  
  6.1MB
- MD5
  
  2d39790330e84baeb49b0703b529b8b1
- SHA1
  
  5f782112dddcc6c949a05d93415a007823a43f08
- SHA256
  
  559edbe0910c66ecf21bb766dd14dc30f1db8153379c72410d4a88623611e477
- SHA512
  
  fa21704ec51978fcd88af78afb7332a508364fc04d4ab297dd76483aa12fa57911d60d6d19212b9bbec47c28f6373aa29a306681f2dfa50140081e3466b8ac41
- SSDEEP
  
  98304:kF4FpDrHCezJxEi4dPkxtF0Ix2DlxjILMC6kXDTGPW5S3jT+ff+sX3iiZokdnT:k+5CKkViPFN6fPyS32fd3tokp
Score

10^/10

agenttesla discovery evasion keylogger persistence spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryevasionkeyloggerpersistencespywarestealerthemidatrojan

© 2018-2025

Terms | Privacy