General

  • Target

    Loader+(1).exe

  • Size

    1.6MB

  • Sample

    240831-af2aysvbnm

  • MD5

    89609b97ee8724fcc501c283fff4670b

  • SHA1

    d1db7f43bfd839e288dd0c8918291d93ae13645a

  • SHA256

    8fba2d2313eb7904281553945b7c908dc1d699cb86becd10187291a151221156

  • SHA512

    befbe8198e225848801d60ffbbac3558d20ce14906b649e7e4f237883e7952bc20379e5295e926469920767acb46f6ce14e1a47c741957843f6958d3329cda7d

  • SSDEEP

    24576:qWr6q4h6UWK8wLCbPkMBQOusPpbCD4MVfFkZPcyu74LHFFmQ/jg2BZJ2GXYl5Br0:qA+WXf/rpCKFcysUlQO1f29nn0

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks