ateraagent | eb4e2f8d3d2a735a325c6510ba0f814ca4652dede7b62ee342ec6f0b0c00b04b | Triage

Submit
Reports

Overview

overview

Static

static

1

.cmd

windows7-x64

7

.cmd

windows10-2004-x64

Sharing

General

Target

.cmd
Size

243B
Sample

241202-vr93fstnas
MD5

c4bf62cf6cc80eac0f69164f01d1f5ee
SHA1

8d2a2748387d76924429b3fd35bca6ae2fca4507
SHA256

eb4e2f8d3d2a735a325c6510ba0f814ca4652dede7b62ee342ec6f0b0c00b04b
SHA512

92f06f6491347827e90eb36b1c424b20e19de1d460d45ac1313b4bdbdabb0aec9ba8983ff0a4a4efdbc34a9bcb52f58c15923ad7fbeda228aa8cef180512d87d

Score

10^/10

ateraagent discovery phishing rat

Static task

static1

Behavioral task

behavioral1

Sample

.cmd

Resource

win7-20241023-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

.cmd

Resource

win10v2004-20241007-en

ateraagent discovery phishing rat

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  .cmd
- Size
  
  243B
- MD5
  
  c4bf62cf6cc80eac0f69164f01d1f5ee
- SHA1
  
  8d2a2748387d76924429b3fd35bca6ae2fca4507
- SHA256
  
  eb4e2f8d3d2a735a325c6510ba0f814ca4652dede7b62ee342ec6f0b0c00b04b
- SHA512
  
  92f06f6491347827e90eb36b1c424b20e19de1d460d45ac1313b4bdbdabb0aec9ba8983ff0a4a4efdbc34a9bcb52f58c15923ad7fbeda228aa8cef180512d87d
Score

10^/10

ateraagent discovery phishing rat
- AteraAgent
  AteraAgent is a remote monitoring and management tool.
  rat ateraagent
- Ateraagent family
  ateraagent
- Detects AteraAgent
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Use of msiexec (install) with remote resource
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

ateraagentdiscoveryphishingrat

© 2018-2024

Terms | Privacy