agenttesla | 43ad408d0653a7cb4ba9e37526d7da5363b9dfa1cb3316bc514864bdeae375fc | Triage

Submit
Reports

Overview

overview

Static

static

3

Sleettz Vi...on.exe

windows10-2004-x64

Sharing

General

Target

Sleettz Virtualization.exe
Size

2.0MB
Sample

240905-stde6athpg
MD5

8bac2777669c74c9e7d369f58abb1475
SHA1

9aa1508d292c4ac969f421a45a2d535bf4236030
SHA256

43ad408d0653a7cb4ba9e37526d7da5363b9dfa1cb3316bc514864bdeae375fc
SHA512

abb3b551ab270b0147559c2899605992a656f079d8114ebff5e5870e0022ba74d2d17d9ac6f6d7f85d08be4d52c47088d72ca76af9f119ab59762d32d89b53b1
SSDEEP

49152:K1/2SjKR1NNZHNNNNNNNXv2N8FR1NNZHNNNNNNNXv2N8lITYbNbNWo4kSH3OqtwC:42CKR1NNZHNNNNNNNXv2N8FR1NNZHNNO

Score

10^/10

agenttesla discovery evasion keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Sleettz Virtualization.exe

Resource

win10v2004-20240802-en

agenttesla discovery evasion keylogger persistence spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  Sleettz Virtualization.exe
- Size
  
  2.0MB
- MD5
  
  8bac2777669c74c9e7d369f58abb1475
- SHA1
  
  9aa1508d292c4ac969f421a45a2d535bf4236030
- SHA256
  
  43ad408d0653a7cb4ba9e37526d7da5363b9dfa1cb3316bc514864bdeae375fc
- SHA512
  
  abb3b551ab270b0147559c2899605992a656f079d8114ebff5e5870e0022ba74d2d17d9ac6f6d7f85d08be4d52c47088d72ca76af9f119ab59762d32d89b53b1
- SSDEEP
  
  49152:K1/2SjKR1NNZHNNNNNNNXv2N8FR1NNZHNNNNNNNXv2N8lITYbNbNWo4kSH3OqtwC:42CKR1NNZHNNNNNNNXv2N8FR1NNZHNNO
Score

10^/10

agenttesla discovery evasion keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Downloads MZ/PE file
- Looks for VMWare Tools registry key
  evasion
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryevasionkeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy