Introduction

This lab walkthrough focuses on analyzing a malicious executable identified as part of the Agent Tesla malware family. The lab covers the core stages of malware analysis: unpacking obfuscated binaries, identifying embedded scripting engines, evaluating exfiltration mechanisms, and examining anti-VM techniques. Using tools such as Detect It Easy (DIE), UPX, dnSpy, Process Monitor (ProcMon), and AutoIt Extractor, we dissect the malware's functionality to understand its capabilities and persistence mechanisms.

Agent Tesla is a sophisticated malware strain widely known for its information-stealing capabilities, such as keylogging, screen capturing, and data exfiltration. It uses various evasion techniques, including obfuscation, anti-VM detection, and abuse of legitimate services for exfiltration. The lab emphasizes critical malware analysis workflows, including unpacking the binary, identifying its components, analyzing its behavior, and extracting meaningful indicators of compromise (IOCs).

Participants in this lab will gain hands-on experience in:

  • Recognizing packed malware and utilizing tools to unpack and reveal its original code.
  • Identifying scripting engines like AutoIt embedded in the malware to decode its functionality.
  • Analyzing keylogging and screen logging functionalities to understand how data is captured.
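As an added example (not part of the lab or any of the tools it names), the following Python check covers the "recognizing packed malware" step: it walks a PE's section table, flags the UPX0/UPX1 section names UPX leaves behind, and scores each section's Shannon entropy, the two signals an analyst looks at before reaching for the unpacker. The minimal PE it builds is constructed only to exercise the check and is not derived from the sample.

```python
import math
import struct
from collections import Counter
# Section names UPX leaves behind; any hit is a strong packing signal.
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(blob: bytes):
    """Yield (name, raw_bytes) for every section table entry of an in-memory PE."""
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER starts right after the PE signature
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    for i in range(n_sections):
        off = table + 40 * i
        name = blob[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)  # SizeOfRawData, PointerToRawData
        yield name, blob[raw_ptr:raw_ptr + raw_size]

def packing_indicators(blob: bytes) -> dict:
    """Per-section entropy plus the reasons the sample looks packed (empty list if clean)."""
    report = {"sections": {}, "reasons": []}
    for name, raw in pe_sections(blob):
        label = name.decode(errors="replace")
        ent = round(shannon_entropy(raw), 2)
        report["sections"][label] = ent
        if name in PACKER_SECTION_NAMES:
            report["reasons"].append(f"packer section name {label}")
        if raw and ent >= HIGH_ENTROPY:
            report["reasons"].append(f"high entropy ({ent}) in {label}")
    return report

def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE (no optional header) used only to exercise the check."""
    ptr = 0x40 + 4 + 20 + 40 * len(sections)  # raw data starts right after the headers
    blob = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    blob += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    body = bytearray()
    for name, data in sections:
        blob += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0x1000, len(data), ptr) + b"\0" * 16
        body += data
        ptr += len(data)
    return bytes(blob + body)
```

On a real file, pass `open(path, "rb").read()` to `packing_indicators`; a reason list naming UPX sections or near-8.0 entropy is the cue to unpack before loading the binary in dnSpy.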