General
- Target: 291694865cd38c0e9b5a2700f1f4a401e263ff9ec402691bf83710b8e5f819b1
- Size: 351KB
- Sample: 220521-pnc1naahal
- MD5: 2f33e759c62f288727b2b49d3451124a
- SHA1: 912395161c215e8e2e0cd44b6a967aa21746403c
- SHA256: 291694865cd38c0e9b5a2700f1f4a401e263ff9ec402691bf83710b8e5f819b1
- SHA512: adaf9485cfe4c9e41f805ae1ca081d3133747d81ed2d909ada7ba1ed865a2f718e34baf69024182ece574226a6d926470c0047421ba7620acc902a2f8a340cf1
Static task: static1

Behavioral task: behavioral1
- Sample: bbcrypted.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: bbcrypted.exe
- Resource: win10v2004-20220414-en
Malware Config

Targets
- Target: bbcrypted.exe
- Size: 724KB
- MD5: 0bdce81070764a570057b6381f91c225
- SHA1: 258b9e1189aa620632803aa1ede6cec3c0d7490b
- SHA256: fda9cdc6d189a4f40199d09a2cd49522189e9494d6a7a3dc0d5bdd5faddb355a
- SHA512: 3dc23b61bc6044b99c0438d80aec8697073198731c59762b6e640b9283bd3c21ce9b25e356c4cf263f497ecca573f3d78bac3d56ff6402fb3640212474659866
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext