ateraagent | 76ba7f39672df24560422076d5c8b671e30adddc02b7773e8d614e6b23f639f7 | Triage

Submit
Reports

Overview

overview

Static

static

תוכני...ה.msi

windows7-x64

תוכני...ה.msi

windows10-2004-x64

Sharing

General

Target

76ba7f39672df24560422076d5c8b671e30adddc02b7773e8d614e6b23f639f7.zip
Size

2.6MB
Sample

241201-vzqc1s1php
MD5

6ad9aef633d10cd15fe94a5ccce2ea05
SHA1

b15600aab067a6dcf02b3d0108b92eabeacecd5e
SHA256

76ba7f39672df24560422076d5c8b671e30adddc02b7773e8d614e6b23f639f7
SHA512

2596eae6677235a2ff382b7725220bd1c7b63922faf69fe3dff2d81e1746df116856e37f82f669bb4c802d6ec75a07ee31be42c86f3168badd4784b4f5bb724e
SSDEEP

49152:TOgFipdX2MUoreBIDqGcM0hR6hllOs+7FieNHA8jkm66MNPh16wsYEybAsMrp5CO:T3kGMCBIeGcM0hgF+vjK6MNPh9styb+J

Score

10^/10

ateraagent discovery rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

תוכנית חדשה.msi

Resource

win7-20240903-en

ateraagent discovery rat

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

תוכנית חדשה.msi

Resource

win10v2004-20241007-en

ateraagent discovery rat

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  תוכנית חדשה.msi
- Size
  
  2.9MB
- MD5
  
  c4e4332cf78e92bef45cab4d8d9a29a8
- SHA1
  
  e6f5aae7f231f9f108f0bbcc5c7240bee17a180e
- SHA256
  
  63f2e49bd14880bed0033cbf0878ee50f18555432d3ad1439b304e6a2dc00fc6
- SHA512
  
  7a486e162560c736533d23cf7863eda03f822aff0411fab40d70518026a5c7bb765990139f37bae416cfad05b700756521e165f07b951041e5fb806644a54c63
- SSDEEP
  
  49152:4+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:4+lUlz9FKbsodq0YaH7ZPxMb8tT
Score

10^/10

ateraagent discovery rat
- AteraAgent
  AteraAgent is a remote monitoring and management tool.
  rat ateraagent
- Ateraagent family
  ateraagent
- Detects AteraAgent
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ateraagentdiscoveryrat

behavioral2

ateraagentdiscoveryrat

© 2018-2024

Terms | Privacy