General
Target
049cf1a5c3ecd74b4de986216d1a8b9d10a21be4a1cd46db0a018679ae6423bb
Size
743KB
Sample
220521-byz2aacfh7
MD5
44229e676b5cf5b74c9dc24ba39a0e8f
SHA1
c1e3fe1369b4f5d0df3b143e1e35824497c19b75
SHA256
049cf1a5c3ecd74b4de986216d1a8b9d10a21be4a1cd46db0a018679ae6423bb
SHA512
86c00cb77169f5707720e6ae892501dc6bce01ba0d1b4aceba01b255b1745b5ef64fdc1a223e0be2ecfda3a7317e41fe52a6263c8f2366fe0255e1f7a44ca4c1
Static task
static1
Behavioral task
behavioral1
Sample
company profile_original.scr
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
company profile_original.scr
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
excel doc spec.scr
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
excel doc spec.scr
Resource
win10v2004-20220414-en
Malware Config
Targets

Target
company profile_original.scr
Size
871KB
MD5
075cf1b8522892856efc41779993b228
SHA1
bed6399d4e012c2e253d442db8db0d3d1f8e5307
SHA256
2a529183f1105351617673ef3e12de1eebc24a13ca11b8d92330094bf0dc2bf5
SHA512
3feda16bfe9b64ae39d4ad49dbf18953372091c23e741e28ceeeab043f31cdfc57d74b5c902328cee61c98cf0db77f92c2f33722cd66a3814a0465a4326cf588
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext

Target
excel doc spec.scr
Size
834KB
MD5
4dc022310f86d0f94a74d8c0a7e7c58a
SHA1
e809aa0cfcc7d387bc4451015a751e685b1ddf7e
SHA256
92605cf78b7b975754a9defe3570dc6b30917fdfbc0d62f601145c28930c21f2
SHA512
e5da3f734a56435b815728353b5391358fad11752493a13c0b4aa21419a7f3de244b849986aa70b17be84699523767b822e2d502f3b376586e791663fcdb0a53
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext