General
-
Target
86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991
-
Size
876KB
-
Sample
221130-n659gsbh3x
-
MD5
7224c9668610d2e7c722e98e2aa937cb
-
SHA1
528fd30e17878c4382170293fde01b3486293c9e
-
SHA256
86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991
-
SHA512
da994362157f2909db63ce8bc4eab8073e450e0652750e3153c491c53411ee69bce91796de0d8e5f6dddb5e667bbd1be318c292b34eb4387d625d28114530272
-
SSDEEP
6144:6ZYZWBXFXfMrKmcewHuqIDU7/5mgS7q0XQxvV2B/TsSZ7ADmQK5DLlH:dxFEIDC/5mi5KLsS2KhR
Behavioral task
behavioral1
Sample
86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991
-
Size
876KB
-
MD5
7224c9668610d2e7c722e98e2aa937cb
-
SHA1
528fd30e17878c4382170293fde01b3486293c9e
-
SHA256
86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991
-
SHA512
da994362157f2909db63ce8bc4eab8073e450e0652750e3153c491c53411ee69bce91796de0d8e5f6dddb5e667bbd1be318c292b34eb4387d625d28114530272
-
SSDEEP
6144:6ZYZWBXFXfMrKmcewHuqIDU7/5mgS7q0XQxvV2B/TsSZ7ADmQK5DLlH:dxFEIDC/5mi5KLsS2KhR
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-