General

  • Target: K.G.B MalwareShield.zip
  • Size: 1.4MB
  • Sample: 230804-rm3k2abc23
  • MD5: e7eaf03f6c686a3fc15a112fde411687
  • SHA1: 0e1dc9e90c62fdc48bdf265aaf8288b104105459
  • SHA256: f7b38b50fca4257c95e6d62d340ad627d32b262f80cd844ed3f91e500a55fd96
  • SHA512: 9f1eb780116d0204c0e8fc110e8dd2ffb2ff4c039b284ffead032cdbb93198c76f2561bf6068c832e17b21489265e96fb586f1d60baf33137ec8f76ebdd83565
  • SSDEEP: 24576:SGA9Na6xbZxpjl7kIIT4TqU9hkg6/QE0cbODhZGiErmZf+7stxVwoYhG:wNa6Jpjl2T417i/QE0cqDhrErGYoAG

Targets

    • Target: K.G.B MalwareShield.exe
    • Size: 1.5MB
    • MD5: cec45c255db218c9e338d4458a6f08f6
    • SHA1: 948698d59953ca85830c55c96f4a555045571f88
    • SHA256: 24e21452ca2ca14d759868726015184c81b9aeb0e7614ee25b723cf5dbb9f792
    • SHA512: aca59dd211fc400dfce2499791d03a9b7ed05a0c0945416f67f88a3b575d8826a16f0d23346a4cac52f84aff4147e9779c0a95b4db3e7ce0d8763f2c5d569327
    • SSDEEP: 24576:xUSuMTN4IvbZldjH7kqKT4R+qNTkgoXQu0SbO1hZUiklmZN+BstJV1aod5UTh:KuN4IDtjHAT4vRgXQu0Sq1hNklG0oK

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • AgentTesla payload
    • Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which supports entity renaming and control-flow obfuscation.
