General
Target: Utility1.0.5.3.exe
Size: 80.3MB
Sample: 240911-qtzx2stcmb
MD5: 9df116d463214ad42696da745600ee6e
SHA1: dbbf859398a34306251c3b484362daba4c553f9d
SHA256: 42f87dcc7c95180584c1a4bc47741a9c916cffaf3acb66e1afcc77c82bbd7e05
SHA512: 58f9458d4c38df4502603e6ec9a32696b0e0d6fdd907a54bf0db2fb8474843c01451ae4886cb3e129ae955220d13e4a6a959a17cc765f2cebe4d810338714827
SSDEEP: 1572864:Z8XoJR784k9uzlSh5s2pGkBhKSUaWrlz/EKshAI2Ua59wVtXcTymTFYw9mK:eg84OuAL5KaWd/oAIcwVRIz
Static task: static1
Behavioral task: behavioral1
Sample: Utility1.0.5.3.exe
Resource: win7-20240903-en
Malware Config
Targets
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Detected Nirsoft tools: free utilities often used by attackers which can steal passwords, product keys, etc.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (1)