agenttesla | 438f733d858508c39ae81b7238a7c98232dabc6d389b24e4471c4a16546428a5 | Triage

Submit
Reports

Overview

overview

Static

static

7

Skou+Multi-Loader.exe

windows11-21h2-x64

Sharing

General

Target

Skou+Multi-Loader.exe
Size

5.4MB
Sample

240908-dhgk4steng
MD5

5a12c9a8274bdca0b49661ca8a2d031f
SHA1

5433c508da3f3740792dab061228cfb1318d151c
SHA256

438f733d858508c39ae81b7238a7c98232dabc6d389b24e4471c4a16546428a5
SHA512

8d14a9b8e583f69cc82d04dba24bb4a3ecf0253f741cf6c3efb5c7ba5932ee160e2f3a87f43b44b1a6ff3eaac03d454703b3391ab8de294a2bc7fed203643469
SSDEEP

98304:+RHOvLqx0/O4d1f3Z53AlKAdvD7WANTprOhfEQw2uQzjU411IGUmz4k/nqoIX8NV:qHWLo2OcJr3YhdvxNTpqhMMjIGzkk/nr

Score

10^/10

agenttesla discovery evasion keylogger spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Skou+Multi-Loader.exe

Resource

win11-20240802-en

agenttesla discovery evasion keylogger spyware stealer themida trojan

windows11-21h2-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Skou+Multi-Loader.exe
- Size
  
  5.4MB
- MD5
  
  5a12c9a8274bdca0b49661ca8a2d031f
- SHA1
  
  5433c508da3f3740792dab061228cfb1318d151c
- SHA256
  
  438f733d858508c39ae81b7238a7c98232dabc6d389b24e4471c4a16546428a5
- SHA512
  
  8d14a9b8e583f69cc82d04dba24bb4a3ecf0253f741cf6c3efb5c7ba5932ee160e2f3a87f43b44b1a6ff3eaac03d454703b3391ab8de294a2bc7fed203643469
- SSDEEP
  
  98304:+RHOvLqx0/O4d1f3Z53AlKAdvD7WANTprOhfEQw2uQzjU411IGUmz4k/nqoIX8NV:qHWLo2OcJr3YhdvxNTpqhMMjIGzkk/nr
Score

10^/10

agenttesla discovery evasion keylogger spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryevasionkeyloggerspywarestealerthemidatrojan

© 2018-2025

Terms | Privacy