General
  Target: 356dc0f11faf581cf918641504d08fbb462cf6fec24ac887cf794fdb3148d8ee
  Size: 404KB
  Sample: 220521-pmta9aagfn
  MD5: 11cf91f5f208fb550e6fc5ad1b3a034b
  SHA1: 32801924fc72c3e337dcbda43bbae5b78cb046d0
  SHA256: 356dc0f11faf581cf918641504d08fbb462cf6fec24ac887cf794fdb3148d8ee
  SHA512: ff1f776a8534777aabf571076d5837d90657f4acf24945315e49b276656b3aa780c89e4269bb9464e47e87c20ad26d1454be023dad24af90c96edc1eae134783

Static task
  static1

Behavioral task
  behavioral1
    Sample: Company Profile.exe
    Resource: win7-20220414-en

Behavioral task
  behavioral2
    Sample: Company Profile.exe
    Resource: win10v2004-20220414-en

Malware Config

Targets
  Target: Company Profile.exe
  Size: 1.0MB
  MD5: 7f78e87d56cbb516015bf8c2846168d5
  SHA1: 029af9362f655f3dc92644a430df9a3bef7504a9
  SHA256: 5bc6e2a48a6e75aeee2a6ac4fc410adf13281c1d0a299b3ffe4ee0d036d235df
  SHA512: b2a244520e91659d0d808cac72e341a9c839cfce397d33dad8f6aefd803a349eb6f5b22b3b0f17d22dbf4e3f271af7e20948d001f6f44917c0ef5908bef91d3b

  AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  AgentTesla Payload
  Executes dropped EXE
  Loads dropped DLL
  Obfuscated with Agile.Net obfuscator
    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  Accesses Microsoft Outlook profiles
  Suspicious use of SetThreadContext