Overview

overview

10

Static

static

3

SecuriteIn...64.exe

windows7-x64

10

SecuriteIn...64.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.MalwareX-gen.12374.8764.exe

  • Size

    3.1MB

  • Sample

    240222-nh9xrsgd21

  • MD5

    38efd309bef8f9d5e339b48fe5c71672

  • SHA1

    997e2fd2c0374cc5c151910e6639fe1833bb4403

  • SHA256

    8af02548debe64b5b38f97d8b066e193cb1dbbf605939ca71271164847b8de85

  • SHA512

    0cb298995b8096675397cfcc264afe2477f97ba57df3198b2dd84748811954c0beeb0e87451c261cbb8e59afc47e98cc558e63d03ef990ddf9044fde4d67ffda

  • SSDEEP

    49152:2+PsGH0UVM+0LJ/SRHwGckleJU/U5A50K2rpn3VQdxPYneabOIc0/S7jU0h2OGoc:RsGH0yKSfU5A50DRVF/S7w0DG5Wod

Score
10/10
agentteslaevasionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Win32.MalwareX-gen.12374.8764.exe

    • Size

      3.1MB

    • MD5

      38efd309bef8f9d5e339b48fe5c71672

    • SHA1

      997e2fd2c0374cc5c151910e6639fe1833bb4403

    • SHA256

      8af02548debe64b5b38f97d8b066e193cb1dbbf605939ca71271164847b8de85

    • SHA512

      0cb298995b8096675397cfcc264afe2477f97ba57df3198b2dd84748811954c0beeb0e87451c261cbb8e59afc47e98cc558e63d03ef990ddf9044fde4d67ffda

    • SSDEEP

      49152:2+PsGH0UVM+0LJ/SRHwGckleJU/U5A50K2rpn3VQdxPYneabOIc0/S7jU0h2OGoc:RsGH0yKSfU5A50DRVF/S7w0DG5Wod

    Score
    10/10
    agentteslaevasionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

5
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks