agenttesla | e29d278e33da6d0decd86fc5d0dc2cbd842a6b55934e4c72d10081ffb97ffbe4 | Triage

Submit
Reports

Overview

overview

Static

static

7

wfs4r3.zip

windows10-2004-x64

VertaxNew/Vertax.exe

windows10-2004-x64

VertaxNew/qqSnA.dll

windows10-2004-x64

1

Sharing

General

Target

wfs4r3.zip
Size

4.4MB
Sample

240909-27g5yavfnj
MD5

dc9c46a3619965e735623a5e38a1ea92
SHA1

588033ee11bdd103ad71cbef4314a28de268f4e5
SHA256

e29d278e33da6d0decd86fc5d0dc2cbd842a6b55934e4c72d10081ffb97ffbe4
SHA512

e8c91b7d46a0203d532c428f6ab0e060bc5e2e70d9c93ad2ec0aa5e0752001a32e34606611609d3c5649aa45dd22923a5ef9ff7877ee9d8409ca61983397e674
SSDEEP

98304:ruNJZ4pW50PVw2zwPb9sI0nMJR8fWVgtd/sTTNTyuvqeV7MI:ruLZsWWP5o9BJRtE03NTyuvrV7L

Score

10^/10

agenttesla discovery evasion keylogger spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

wfs4r3.zip

Resource

win10v2004-20240802-en

agenttesla discovery evasion keylogger spyware stealer themida trojan

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

VertaxNew/Vertax.exe

Resource

win10v2004-20240802-en

agenttesla discovery evasion keylogger spyware stealer themida trojan

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral3

Sample

VertaxNew/qqSnA.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  wfs4r3.zip
- Size
  
  4.4MB
- MD5
  
  dc9c46a3619965e735623a5e38a1ea92
- SHA1
  
  588033ee11bdd103ad71cbef4314a28de268f4e5
- SHA256
  
  e29d278e33da6d0decd86fc5d0dc2cbd842a6b55934e4c72d10081ffb97ffbe4
- SHA512
  
  e8c91b7d46a0203d532c428f6ab0e060bc5e2e70d9c93ad2ec0aa5e0752001a32e34606611609d3c5649aa45dd22923a5ef9ff7877ee9d8409ca61983397e674
- SSDEEP
  
  98304:ruNJZ4pW50PVw2zwPb9sI0nMJR8fWVgtd/sTTNTyuvqeV7MI:ruLZsWWP5o9BJRtE03NTyuvrV7L
Score

10^/10

agenttesla discovery evasion keylogger spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  VertaxNew/Vertax.exe
- Size
  
  4.3MB
- MD5
  
  32980bf90249d39c2bc463e6fb5cefa7
- SHA1
  
  76e18853ef019cff4b0015d1a6f8c47f3f506eba
- SHA256
  
  ed2d5f70ec106e4274bca6a85022a1fffad82c66745bde3c876962c06b75b61b
- SHA512
  
  156c9ffce33bf7b858bd85da726aa6ef6d8e9eee51d6c6072777037505619b144e332634158172cf36dcd3fa432fb266c32d1422f698ad1b4a9ca5087ed8c550
- SSDEEP
  
  98304:1GZqOKXmi+r5natSim9FH9yMpPsB3j2pmvLC/2CxEchlN36r:1GZqrXX+VneSimDHEMpPSKpmvLI7xEcA
Score

10^/10

agenttesla discovery evasion keylogger spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2
- Target
  
  VertaxNew/qqSnA.dll
- Size
  
  187KB
- MD5
  
  723d164690fc603643300163eba52041
- SHA1
  
  8533a92f65e6811bee999148e515e8c202667a9b
- SHA256
  
  7d1c100f1e79e91f8d6b9eaed5900e55c9483fdb22f07af8b10ee647230bdfbf
- SHA512
  
  dde4d24f122a51183ba57098b15c37fb411dbf21b8aa087e27c8394b8f7a99461a1ef30089dee44569c4fb72536dbb9b827c1f5409222339775f0279ba2fd2b9
- SSDEEP
  
  3072:mMJCT59bLzdkRUHkY9EWL0stmI+b0SZSU7j4h3DolnuS4RhYO3rJkS4yXTlYQ7jX:DJs5pKKHkWEs02FW5ZSw4h4uht4QTOQX
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryevasionkeyloggerspywarestealerthemidatrojan

behavioral2

agenttesladiscoveryevasionkeyloggerspywarestealerthemidatrojan

behavioral3

© 2018-2025

Terms | Privacy