agenttesla | 783c5a590d5e1577c23f3d48859faec4269c8d3b5d7535ce5113792675514204 | Triage

Submit
Reports

Overview

overview

Static

static

lava.zip

windows10-2004-x64

8

Resubmissions

14-09-2024 05:04

240914-fql7nsxgml 10

14-09-2024 04:50

240914-fgcxmsxhmb 10

Sharing

General

Target

lava.zip
Size

50.6MB
Sample

240914-fgcxmsxhmb
MD5

22ea15e9e2b15ec209c39c67d5501544
SHA1

70d651509f651741d5696ef0ff71c246e8822fc5
SHA256

783c5a590d5e1577c23f3d48859faec4269c8d3b5d7535ce5113792675514204
SHA512

b737a2d1eaaf8280cf9a7ba7b8de8ebe3f1b2e353af94d3582e620926a5c71d64722a0a33645014cdf0bb77136e0f487a114f2430a687204fba67d154b92198b
SSDEEP

786432:AS8z/2LVMT91++JOWNQjocdwjvuO27GAvPHlIuJx0dGMtDwQRGvAaep7:ASW/2mxMDdwf2CYPKyfyR/n

Score

10^/10

agenttesla discovery persistence privilege_escalation

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

lava.zip

Resource

win10v2004-20240802-en

discovery persistence privilege_escalation

windows10-2004-x64

25 signatures

300 seconds

Malware Config

Targets

- Target
  
  lava.zip
- Size
  
  50.6MB
- MD5
  
  22ea15e9e2b15ec209c39c67d5501544
- SHA1
  
  70d651509f651741d5696ef0ff71c246e8822fc5
- SHA256
  
  783c5a590d5e1577c23f3d48859faec4269c8d3b5d7535ce5113792675514204
- SHA512
  
  b737a2d1eaaf8280cf9a7ba7b8de8ebe3f1b2e353af94d3582e620926a5c71d64722a0a33645014cdf0bb77136e0f487a114f2430a687204fba67d154b92198b
- SSDEEP
  
  786432:AS8z/2LVMT91++JOWNQjocdwjvuO27GAvPHlIuJx0dGMtDwQRGvAaep7:ASW/2mxMDdwf2CYPKyfyR/n
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy