agenttesla | e00f30fbf89010df952f9ee593655c3f1ccd4dc5e6a6ad733d0c91c1266336db | Triage

Submit
Reports

Overview

overview

Static

static

3

Masew_Cleaner.exe

windows11-21h2-x64

Sharing

General

Target

Masew_Cleaner.exe
Size

8.6MB
Sample

240831-1lay3axbng
MD5

4cea17c844a02332a5c5710e5c0a85f1
SHA1

606437280389be921c3da93b1fc45c04942dac6b
SHA256

e00f30fbf89010df952f9ee593655c3f1ccd4dc5e6a6ad733d0c91c1266336db
SHA512

9fe35b63ad3aa57be8ce6b35b63ffad25f281fe60ff129d602d80841bbcbfffc794d6bf70c1cfed79b00f41ad2f34a41a5b69a563e90c0a02595edcc4e401f0f
SSDEEP

196608:L4S7kvG91Co1vxBPMuFvxlBRh+LO1kSIvkKgRRwpR:LBo01CGxBPVNxVh+LO1kSwpgLwj

Score

10^/10

agenttesla defense_evasion discovery evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Masew_Cleaner.exe

Resource

win11-20240802-en

agenttesla defense_evasion discovery evasion keylogger spyware stealer trojan

windows11-21h2-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  Masew_Cleaner.exe
- Size
  
  8.6MB
- MD5
  
  4cea17c844a02332a5c5710e5c0a85f1
- SHA1
  
  606437280389be921c3da93b1fc45c04942dac6b
- SHA256
  
  e00f30fbf89010df952f9ee593655c3f1ccd4dc5e6a6ad733d0c91c1266336db
- SHA512
  
  9fe35b63ad3aa57be8ce6b35b63ffad25f281fe60ff129d602d80841bbcbfffc794d6bf70c1cfed79b00f41ad2f34a41a5b69a563e90c0a02595edcc4e401f0f
- SSDEEP
  
  196608:L4S7kvG91Co1vxBPMuFvxlBRh+LO1kSIvkKgRRwpR:LBo01CGxBPVNxVh+LO1kSwpgLwj
Score

10^/10

agenttesla defense_evasion discovery evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladefense_evasiondiscoveryevasionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy