agenttesla

General

Target

download.7z
Size

4.4MB
Sample

240914-znp1bsvhmn
MD5

ffe3dd31de8fdb5592a143c08ce6fb1a
SHA1

e13d911a5d063e3338633c4b6fc94de8a40a06f9
SHA256

1817393bd7c79c042d495ad193e4d0ed73c05b43bab310c61b825b21593fbab7
SHA512

5a02b1ae19e821c048429d16eb9688727ab3903506b37f63a2aa30811f1a60751b891330948a7cf805c17c144e3da8cb1e95644f901fe8c6baa6e1f56973e1d7
SSDEEP

98304:rQom2sBF5SKfOeMbS7yLDhu6b4dn/7hSvWHfpZk:MomdZLfOZSeran/9SvWfk

Score

10^/10

Malware Config

Targets

- Target
  
  Moonlight.exe
- Size
  
  4.3MB
- MD5
  
  65c71b75e1ee1176650636ac6816121d
- SHA1
  
  00fb69078cf9dfc827c00d7fcf5f85aa87a98889
- SHA256
  
  78488efa7c39840d852439bc37a45a669c794121eb19e338d20baf7ae9987624
- SHA512
  
  04cdfc18919d979e80c9e823f0ba0b969bdb5b71ae1a32a6aa54daa1cfd8e437c23986e5244396c1fc8b1610d507dcf816fcc16dbf6f3f8d424259d493d7f328
- SSDEEP
  
  98304:L44K5BO2ohENkBMbc0X7EpZ8c8vZhX29KUoS+IYL6:L44K9gENkmchKVhX28UoSQ6
Score

10^/10

agenttesla discovery evasion keylogger spyware stealer themida trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  omMnB.dll
- Size
  
  210KB
- MD5
  
  8890e0fdf9de22a57caec8d816f6b60b
- SHA1
  
  d3dd58a6878343af03181a9e79e07c25970907cb
- SHA256
  
  454d7c73f7fe4be7ea02a5015648def1eeeb039b13d2fcb6fcc4bc00d42ce0d1
- SHA512
  
  87f49445969fc0cf40214aedad2b12196412accca89a27938908a904ade3c2d91b432943f32e4b1aedaa00b91c10692ab2a629b745c38b9f881efbbeb358d3e5
- SSDEEP
  
  3072:+PQHzcAwfvAMpf8VEaR6zjxVIb1iKs9BFL40acJ9EulnuS4RhYO3rJBS4D2nIMcI:qQHBG/V8dDiR9fU4uhO4D4o
Score

1^/10
behavioral2