agenttesla | CashRAT[.]exe

Sharing

Copy URL Twitter E-mail

Reason

too many matches

General

Target

CashRAT.exe
Size

483.2MB
MD5

d40af8478e2ffe4d3ea1a6388fc3fd80
SHA1

e7273e3df7b6dc63daa27dbac66730b6b6fcb54d
SHA256

bfe5490db6bed7a2d9650a056b57e086d04fd0d46ac1b6aa9ffbede18436ff45
SHA512

64991f45ef9d91954f0b08b02fad861f18bd1f86b03a2185d2adc549263eb78c9df76672c8e9b7cfe6fb97903aa701d0ddbdf84351cbeaa27c0809e8a2602470
SSDEEP

6291456:3FkRA9FkRQfXWi2mBxRSkDqEe1YsPDbSxsZEn8uFGiQT8aBCw:+ZwamhSkeNXMw

Score

10^/10

agenttesla zgrat

Malware Config

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
sample	family_agenttesla

Agenttesla family
agenttesla

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Zgrat family
zgrat

CustAttr .NET packer 1 IoCs

Detects CustAttr .NET packer in memory.

resource	yara_rule
sample	CustAttr

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CashRAT.exe

Files

CashRAT.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 62.2MB - Virtual size: 62.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 420.7MB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

Errors

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 62.2MB - Virtual size: 62.2MB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 512B - Virtual size: 12B

.enigma1 Size: 420.7MB - Virtual size: 8KB

.enigma2 Size: 304KB - Virtual size: 304KB

.text
Size: 62.2MB - Virtual size: 62.2MB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 512B - Virtual size: 12B

.enigma1
Size: 420.7MB - Virtual size: 8KB

.enigma2
Size: 304KB - Virtual size: 304KB