agenttesla | 3fd1f1a5ce10e38ec3880b643b31498d378806dfefff90820f3b73fed736dbaa | Triage

Submit
Reports

Overview

overview

Static

static

7

3. Burgies...1].exe

windows7-x64

3. Burgies...1].exe

windows10-2004-x64

Sharing

General

Target

3. BurgiesFreeTemp [V1].exe
Size

6.4MB
Sample

240902-ymmm5sxbqf
MD5

4a1589604e6c667277362505b766aca6
SHA1

94dea4851ef30d6b53c664980f9287709702187b
SHA256

3fd1f1a5ce10e38ec3880b643b31498d378806dfefff90820f3b73fed736dbaa
SHA512

9b9eb8bea26bcb796c2754e98fff4fceddc83ca74ebcb52dc99216926f76cf24526fe32ad1d337b21cf8e8aa9755a3171c44acde7c83c82eb70b9f83e0eb0781
SSDEEP

196608:0/UzgnQLcf7AjVgxowXJ2vfFoImTSGw9mqEgT3U6:0/IguU7225J2Xce9mWU6

Score

10^/10

agenttesla discovery evasion keylogger spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3. BurgiesFreeTemp [V1].exe

Resource

win7-20240704-en

agenttesla discovery evasion keylogger spyware stealer themida trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

3. BurgiesFreeTemp [V1].exe

Resource

win10v2004-20240802-en

agenttesla discovery evasion keylogger spyware stealer themida trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  3. BurgiesFreeTemp [V1].exe
- Size
  
  6.4MB
- MD5
  
  4a1589604e6c667277362505b766aca6
- SHA1
  
  94dea4851ef30d6b53c664980f9287709702187b
- SHA256
  
  3fd1f1a5ce10e38ec3880b643b31498d378806dfefff90820f3b73fed736dbaa
- SHA512
  
  9b9eb8bea26bcb796c2754e98fff4fceddc83ca74ebcb52dc99216926f76cf24526fe32ad1d337b21cf8e8aa9755a3171c44acde7c83c82eb70b9f83e0eb0781
- SSDEEP
  
  196608:0/UzgnQLcf7AjVgxowXJ2vfFoImTSGw9mqEgT3U6:0/IguU7225J2Xce9mWU6
Score

10^/10

agenttesla discovery evasion keylogger spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryevasionkeyloggerspywarestealerthemidatrojan

behavioral2

agenttesladiscoveryevasionkeyloggerspywarestealerthemidatrojan

© 2018-2025

Terms | Privacy