agenttesla | 04f7cba421f4d722c23764c3c11952a500c458beb7af689baac4bc40cfb818c9 | Triage

Submit
Reports

Overview

overview

Static

static

7

RippleWoofer.exe

windows10-2004-x64

Sharing

General

Target

RippleWoofer.exe
Size

15.8MB
Sample

240902-pbenqazcnr
MD5

4cc80d3eded1e6fe6291f410746fe182
SHA1

43af000a15988600186898e6b313ec282c61a404
SHA256

04f7cba421f4d722c23764c3c11952a500c458beb7af689baac4bc40cfb818c9
SHA512

dec77618d20f28eb695329ace74915abc5af4d39010e770e78138c4d619fbeea8fd6a028ae8508ff4f6dcbd01a8cb84068727da4c8c81543dda8c8f63e7557a8
SSDEEP

393216:+iI3FUn3pS/fMzNH/uYWmsgpC6PqjaaLq/aanPrrz73Mg2:+l1s3pqfGNH2Y5vpC6PqjaaLqSaXz4J

Score

10^/10

agenttesla evasion keylogger spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

RippleWoofer.exe

Resource

win10v2004-20240802-en

agenttesla evasion keylogger spyware stealer themida trojan

windows10-2004-x64

9 signatures

600 seconds

Malware Config

Targets

- Target
  
  RippleWoofer.exe
- Size
  
  15.8MB
- MD5
  
  4cc80d3eded1e6fe6291f410746fe182
- SHA1
  
  43af000a15988600186898e6b313ec282c61a404
- SHA256
  
  04f7cba421f4d722c23764c3c11952a500c458beb7af689baac4bc40cfb818c9
- SHA512
  
  dec77618d20f28eb695329ace74915abc5af4d39010e770e78138c4d619fbeea8fd6a028ae8508ff4f6dcbd01a8cb84068727da4c8c81543dda8c8f63e7557a8
- SSDEEP
  
  393216:+iI3FUn3pS/fMzNH/uYWmsgpC6PqjaaLq/aanPrrz73Mg2:+l1s3pqfGNH2Y5vpC6PqjaaLqSaXz4J
Score

10^/10

agenttesla evasion keylogger spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerspywarestealerthemidatrojan

© 2018-2025

Terms | Privacy