General

  • Target

    Runtime Broker.exe

  • Size

    3.6MB

  • Sample

    240910-bsyahazfmr

  • MD5

    1484a688240ca48126a63402656a0ffb

  • SHA1

    9e8cf89f2c660c3de642c77505df683fdbdecf81

  • SHA256

    7dae384e0b67a443fce25a0e8b08e1ea8de09f8b25dd887f023667647db3f279

  • SHA512

    453310785a5357fb22249dbdd7c806537b4dc56f059eb80efbeb3113c2327cc6e3882ab677aac866364a8f7f46eeea62729bd692f6e8f074f237cb5df68d5dfa

  • SSDEEP

    98304:/ZjirkSkZ2z20nn4De0ybAwhEFRRF6dJx:/MUZ2S0nn4yg1fF+Jx

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
