General
-
Target
28b8a6d5f87043dd78a7a608c7b74637a5d43e2ddee6a2378e23edc224055577
-
Size
235KB
-
Sample
220521-pdkbzsacel
-
MD5
5ebbdfca73a38ef721651601ca74eb9a
-
SHA1
627f84c97a7383d35309e36459af3947c1386e49
-
SHA256
28b8a6d5f87043dd78a7a608c7b74637a5d43e2ddee6a2378e23edc224055577
-
SHA512
8a487730c5fd049f783d09ac97e05eff2bc56eadb8c3cf43c8c66f51af798ed0671d8eb12b0cd1eb65cc947d3bc60a4ff76de371c996e67b2eea80c7764b8b48
Static task
static1
Behavioral task
behavioral1
Sample
MM20ROMNORIN000387.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
MM20ROMNORIN000387.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
MM20ROMNORIN000387.exe
-
Size
602KB
-
MD5
14f5466475d76194d720e3ad4ccc7cec
-
SHA1
df8c73e5029b2d6be696441ebd1519ef08b3ab29
-
SHA256
6def60b69deb5f2daeddbf624f84f03ec1bb971a8e49c67da3cbf3749a2ecdc7
-
SHA512
3c691d08d9b475b3822d84e1e00ed3dd2f43ecc3c55468ad9321935c91253883070364eae08f8be221a27122bc808b4ce6ac219817d78c9bd93f1f2912689912
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-