agenttesla | bb6e918af5bfb3f822303ecb08b16fcf901f0a98aad04e7a3fe77fe971e53fe6 | Triage

Submit
Reports

Overview

overview

Static

static

3

ProjectZen.rar

windows10-2004-x64

Sharing

General

Target

ProjectZen.rar
Size

66.3MB
Sample

240910-p6vy7avdqn
MD5

5ddbbeebbc483509361579fc6b7d4136
SHA1

5415cf6b36315b8766a9201c81b84d82f9c2214f
SHA256

bb6e918af5bfb3f822303ecb08b16fcf901f0a98aad04e7a3fe77fe971e53fe6
SHA512

49b898351e686eddc45b21c420270ea5f466914d8324898329c727aeeedd35b8ae2a1c18611f33c7519f8c6e76cbca66d4ebf61263be1fef7e83963fb924d311
SSDEEP

1572864:spaaPwUGKpmuPWacLoXKNLd8Yq8i5JYfgAuxAgsC:zaPw5OzaLoaNLG8i5agAcj3

Score

10^/10

agenttesla discovery evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ProjectZen.rar

Resource

win10v2004-20240802-en

agenttesla discovery evasion keylogger spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  ProjectZen.rar
- Size
  
  66.3MB
- MD5
  
  5ddbbeebbc483509361579fc6b7d4136
- SHA1
  
  5415cf6b36315b8766a9201c81b84d82f9c2214f
- SHA256
  
  bb6e918af5bfb3f822303ecb08b16fcf901f0a98aad04e7a3fe77fe971e53fe6
- SHA512
  
  49b898351e686eddc45b21c420270ea5f466914d8324898329c727aeeedd35b8ae2a1c18611f33c7519f8c6e76cbca66d4ebf61263be1fef7e83963fb924d311
- SSDEEP
  
  1572864:spaaPwUGKpmuPWacLoXKNLd8Yq8i5JYfgAuxAgsC:zaPw5OzaLoaNLG8i5agAcj3
Score

10^/10

agenttesla discovery evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryevasionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy