ateraagent | 1a8ab399acdb8561c1c59053f4de8fdebc12a4cfbea5ba513229ecb1d6bfe390 | Triage

Submit
Reports

Overview

overview

Static

static

1

1a8ab399ac...90.cmd

windows7-x64

7

1a8ab399ac...90.cmd

windows10-2004-x64

Sharing

General

Target

1a8ab399acdb8561c1c59053f4de8fdebc12a4cfbea5ba513229ecb1d6bfe390.cmd
Size

265B
Sample

241021-1wqghaygkb
MD5

552aac620854ab263f2cbfc738016667
SHA1

814694c7414aefc11517043112bb9c372a7c728b
SHA256

1a8ab399acdb8561c1c59053f4de8fdebc12a4cfbea5ba513229ecb1d6bfe390
SHA512

124ff66046e0aad66af6bb2782388aaca88a5efd1886ddcbf5494e07e50c9d9d3ed6b79905728366e259a8b297a25556b1a5c6f09e862f576d538901916ac4f3

Score

10^/10

ateraagent discovery rat

Static task

static1

Behavioral task

behavioral1

Sample

1a8ab399acdb8561c1c59053f4de8fdebc12a4cfbea5ba513229ecb1d6bfe390.cmd

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a8ab399acdb8561c1c59053f4de8fdebc12a4cfbea5ba513229ecb1d6bfe390.cmd

Resource

win10v2004-20241007-en

ateraagent discovery rat

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a8ab399acdb8561c1c59053f4de8fdebc12a4cfbea5ba513229ecb1d6bfe390.cmd
- Size
  
  265B
- MD5
  
  552aac620854ab263f2cbfc738016667
- SHA1
  
  814694c7414aefc11517043112bb9c372a7c728b
- SHA256
  
  1a8ab399acdb8561c1c59053f4de8fdebc12a4cfbea5ba513229ecb1d6bfe390
- SHA512
  
  124ff66046e0aad66af6bb2782388aaca88a5efd1886ddcbf5494e07e50c9d9d3ed6b79905728366e259a8b297a25556b1a5c6f09e862f576d538901916ac4f3
Score

10^/10

ateraagent discovery rat
- AteraAgent
  AteraAgent is a remote monitoring and management tool.
  rat ateraagent
- Detects AteraAgent
- Executes dropped EXE
- Loads dropped DLL
- Use of msiexec (install) with remote resource
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

ateraagentdiscoveryrat

© 2018-2024

Terms | Privacy