Overview

overview

10

Static

static

10

Aware_Temp.exe

windows10-2004-x64

10

Resubmissions

10-09-2024 16:04

240910-tjd5dasakq 10

10-09-2024 15:53

240910-tb1neashmb 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Aware_Temp.exe

  • Size

    2.1MB

  • Sample

    240910-tb1neashmb

  • MD5

    f376f2b4f23e310203ed89e557b9b536

  • SHA1

    180528f79584d6fdc1b2f778fd37052469f4498d

  • SHA256

    4e61ea496619f7a20363fee6758481d56a2c11700595a31ad22fa4e3641bb0c6

  • SHA512

    8f1697d3d9f36ecd67a67e4fcf43f54ba62c5ebf129a74a55717297207140182b8e56218f6d5371dd9a63edd74838170a7df868ce27ef77a8645ac669fa031e9

  • SSDEEP

    49152:zVVRm2N7hDb0oiWnl9ACryoLoNTOzba1K5uYNwUT0:zVau7hDb06uCuM+TrK8UT0

Score
10/10
agentteslaneshtadiscoveryevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Aware_Temp.exe

    • Size

      2.1MB

    • MD5

      f376f2b4f23e310203ed89e557b9b536

    • SHA1

      180528f79584d6fdc1b2f778fd37052469f4498d

    • SHA256

      4e61ea496619f7a20363fee6758481d56a2c11700595a31ad22fa4e3641bb0c6

    • SHA512

      8f1697d3d9f36ecd67a67e4fcf43f54ba62c5ebf129a74a55717297207140182b8e56218f6d5371dd9a63edd74838170a7df868ce27ef77a8645ac669fa031e9

    • SSDEEP

      49152:zVVRm2N7hDb0oiWnl9ACryoLoNTOzba1K5uYNwUT0:zVau7hDb06uCuM+TrK8UT0

    Score
    10/10
    agentteslaneshtadiscoveryevasionkeyloggerpersistencespywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks