agenttesla | 85a8d0cee047255ca84d6f48058a553a783745b13196151c5dc34ade36599a0e | Triage

Submit
Reports

Overview

overview

Static

static

3

Sleettz Vi...on.exe

windows10-2004-x64

Sharing

General

Target

Sleettz Virtualization.exe
Size

2.0MB
Sample

240905-smwyxstbpl
MD5

393a0f8a3bacd8ade71d1874fde3568e
SHA1

9a56d4def655c0805714b32198000d0b177694da
SHA256

85a8d0cee047255ca84d6f48058a553a783745b13196151c5dc34ade36599a0e
SHA512

672ded8eaa8f1857c55b6cf6cdae1977c01a7538217fb3aecdc2f1339e94e2882495408772b6c935755c38165520c66850240f1302ba12d005945d8e354d48cb
SSDEEP

49152:X1/wXVtR1NNZHNNNNNNNXv2N8FR1NNZHNNNNNNNXv2N8lITYbNbNWo4kSH3OqtwE:lwFtR1NNZHNNNNNNNXv2N8FR1NNZHNNQ

Score

10^/10

agenttesla discovery evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Sleettz Virtualization.exe

Resource

win10v2004-20240802-en

agenttesla discovery evasion keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Sleettz Virtualization.exe
- Size
  
  2.0MB
- MD5
  
  393a0f8a3bacd8ade71d1874fde3568e
- SHA1
  
  9a56d4def655c0805714b32198000d0b177694da
- SHA256
  
  85a8d0cee047255ca84d6f48058a553a783745b13196151c5dc34ade36599a0e
- SHA512
  
  672ded8eaa8f1857c55b6cf6cdae1977c01a7538217fb3aecdc2f1339e94e2882495408772b6c935755c38165520c66850240f1302ba12d005945d8e354d48cb
- SSDEEP
  
  49152:X1/wXVtR1NNZHNNNNNNNXv2N8FR1NNZHNNNNNNNXv2N8lITYbNbNWo4kSH3OqtwE:lwFtR1NNZHNNNNNNNXv2N8FR1NNZHNNQ
Score

10^/10

agenttesla discovery evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryevasionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy