General
Target: nnLfl
Size: 125KB
Sample: 200713-c3982jshpa
MD5: b438cf5e9aa34e6cfa3d8d27d2649326
SHA1: a2545f5c8af6da03288dd0b24ddc72fbb35cad2d
SHA256: c4c846dfa5755910d28a93a91ecfea8dcde72860fea03da1a47adf9ce65470a1
SHA512: d14ff36b56a7312a8860a87d242548b5e7df3f7174daeb2031b12a8d1bf5cfa8680442bf8ad1eb8393ec27fd65f6c02dfd51a93ba1974f6fa470218ef055ffdc
Static task: static1
Behavioral task: behavioral1, sample nnLfl.exe, resource win7
Behavioral task: behavioral2, sample nnLfl.exe, resource win10v200430
Malware Config
Extracted (URLs as reported, including the mixed-case scheme):
- httP://paste.ee/r/3rgRS
- httPs://paste.ee/r/fgIgt
Targets
Target: nnLfl (nnLfl.exe), 125KB; MD5, SHA1, SHA256 and SHA512 are the same digests listed under General
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.
Signatures:
- AgentTesla Payload
- Blocklisted process makes network request
- Adds Run key to start application (persistence across logon)
- Suspicious use of SetThreadContext (an API commonly used for thread hijacking and process hollowing)
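As an added example (not part of this sandbox report or its tooling), the indicators above turned into a host-log check: the report's hashes and extracted paste.ee URLs are matched against Sysmon-style events for the behaviours the signatures name (a process start with the sample's hash, a Run key write, and contact with the config host). The event records are constructed for illustration; only the digests and URLs come from the report, and the event IDs and field names follow Sysmon's conventions.

```python
"""Turn the indicators in this report into a host-log check.

Added example, not part of the sandbox report. Only the hashes and the two
paste.ee URLs come from the report; the Sysmon-style events below are
constructed to exercise the checks.
"""
import re
from urllib.parse import urlsplit

# From the report: digests of nnLfl.exe (SHA512 omitted; Sysmon does not log it).
SAMPLE_HASHES = {
    "MD5": "b438cf5e9aa34e6cfa3d8d27d2649326",
    "SHA1": "a2545f5c8af6da03288dd0b24ddc72fbb35cad2d",
    "SHA256": "c4c846dfa5755910d28a93a91ecfea8dcde72860fea03da1a47adf9ce65470a1",
}
# From the report's extracted config, kept with the mixed-case scheme as reported.
CONFIG_URLS = ["httP://paste.ee/r/3rgRS", "httPs://paste.ee/r/fgIgt"]

# Run / RunOnce keys under any hive (HKCU, HKLM, HKU\<SID>).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)


def normalize_url(url: str) -> str:
    """Lower-case scheme and host; keep the path, since paste IDs are case-sensitive."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}"


CONFIG_HOSTS = {urlsplit(normalize_url(u)).netloc for u in CONFIG_URLS}


def parse_hashes(field: str) -> dict:
    """Parse a Sysmon 'Hashes' field ('MD5=..,SHA256=..') into {ALGO: lowercase hex}."""
    out = {}
    for item in field.split(","):
        if "=" in item:
            algo, value = item.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_events(events):
    """Return (signature, event) pairs for the behaviours the report flags.

    Event IDs follow Sysmon: 1 = process create, 3 = network connect,
    13 = registry value set, 22 = DNS query.
    """
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:
            seen = parse_hashes(ev.get("Hashes", ""))
            if any(seen.get(algo) == digest for algo, digest in SAMPLE_HASHES.items()):
                hits.append(("sample_hash_match", ev))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("run_key_persistence", ev))
        elif eid in (3, 22):
            host = (ev.get("DestinationHostname") or ev.get("QueryName") or "").lower()
            if host in CONFIG_HOSTS:
                hits.append(("config_host_contact", ev))
    return hits


def suspicious_images(events):
    """Group matched signatures by the process image that produced them."""
    by_image = {}
    for sig, ev in match_events(events):
        by_image.setdefault(ev.get("Image", "<unknown>"), set()).add(sig)
    return {image: sorted(sigs) for image, sigs in by_image.items()}


# Constructed Sysmon-style records (not from the report) that a host running
# this sample might produce: the hashed process start, a Run key written by
# it, a DNS lookup of the config host, plus two benign events as controls.
MALWARE = r"C:\Users\victim\Downloads\nnLfl.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": MALWARE,
     "Hashes": "MD5=B438CF5E9AA34E6CFA3D8D27D2649326,"
               "SHA256=C4C846DFA5755910D28A93A91ECFEA8DCDE72860FEA03DA1A47ADF9CE65470A1"},
    {"EventID": 13, "Image": MALWARE,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\nnLfl",
     "Details": r"C:\Users\victim\AppData\Roaming\nnLfl.exe"},
    {"EventID": 22, "Image": MALWARE, "QueryName": "paste.ee"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "wns.windows.com"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for image, sigs in suspicious_images(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(sigs))
```

The hash check is the high-confidence match; the Run key and paste.ee checks are weaker on their own (legitimate software writes Run keys, and paste.ee is a public service), so the grouping by image is what makes the result actionable: one process that hits all three is worth pulling the binary from.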