General

  • Target: Utility+1.0.5.3.7z
  • Size: 80.1MB
  • Sample: 240911-retm6avdmh
  • MD5: de28e1c45c94120168bedaa5a2623585
  • SHA1: f7df33dad85def832322f1e4e84274b0ddca5e34
  • SHA256: f9ea64101aa2653390d79c9f3b34aff0c8b1a3e87a2958be2d488a0c2061d114
  • SHA512: b205faec83ed5f06e13fd102c14137de2b7acbecd2d2261afaab7310d28d2143da101285b0ebab814bc5e97adb76f9be19c76970ed237aa7f1dca33af0127813
  • SSDEEP: 1572864:mj6/4xut5SFxGr+0U/0qUrmz8eNY+nEHUGPd6M2W4blAM/ktg:mm/lfQGrZ2NKvdH2W4blQG

Malware Config

Targets

    • Target: Utility 1.0.5.3.exe
    • Size: 80.3MB
    • MD5: 9df116d463214ad42696da745600ee6e
    • SHA1: dbbf859398a34306251c3b484362daba4c553f9d
    • SHA256: 42f87dcc7c95180584c1a4bc47741a9c916cffaf3acb66e1afcc77c82bbd7e05
    • SHA512: 58f9458d4c38df4502603e6ec9a32696b0e0d6fdd907a54bf0db2fb8474843c01451ae4886cb3e129ae955220d13e4a6a959a17cc765f2cebe4d810338714827
    • SSDEEP: 1572864:Z8XoJR784k9uzlSh5s2pGkBhKSUaWrlz/EKshAI2Ua59wVtXcTymTFYw9mK:eg84OuAL5KaWd/oAIcwVRIz

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks