General
-
Target
UDS-Trojan.Win32.GenericML.xnet-f4af4d159acdfc910bdcfbd109f58981be4e5b9e0f190857d641f86ed99e8a07
-
Size
1.0MB
-
Sample
240229-phs5pagf6y
-
MD5
1a0a052fca12bdc25c5ea7ee1bf35dba
-
SHA1
e04e8b069154effb70913d3a57b9e66ffb371c46
-
SHA256
f4af4d159acdfc910bdcfbd109f58981be4e5b9e0f190857d641f86ed99e8a07
-
SHA512
565d4a1a9f4cd1149c2940e6854e50f93fff401682dd0dd1e68e44283c6067bffb8fcc4ba0a1fe725f21015db0cf480df479bba0f9a938bc17894bf5fccb5219
-
SSDEEP
24576:6AssCtLpQvpBgZorWPwrptA9EXPWGux0WGFTHpIliN:pKangZorWWIGux3aH6Y
Behavioral task
behavioral1
Sample
UDS-Trojan.Win32.GenericML.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
UDS-Trojan.Win32.GenericML.xnet-f4af4d159acdfc910bdcfbd109f58981be4e5b9e0f190857d641f86ed99e8a07
-
Size
1.0MB
-
MD5
1a0a052fca12bdc25c5ea7ee1bf35dba
-
SHA1
e04e8b069154effb70913d3a57b9e66ffb371c46
-
SHA256
f4af4d159acdfc910bdcfbd109f58981be4e5b9e0f190857d641f86ed99e8a07
-
SHA512
565d4a1a9f4cd1149c2940e6854e50f93fff401682dd0dd1e68e44283c6067bffb8fcc4ba0a1fe725f21015db0cf480df479bba0f9a938bc17894bf5fccb5219
-
SSDEEP
24576:6AssCtLpQvpBgZorWPwrptA9EXPWGux0WGFTHpIliN:pKangZorWWIGux3aH6Y
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Detects executables packed with Babel
-
Detects executables packed with Dotfuscator
-
Detects executables packed with Goliath
-
Detects executables packed with SmartAssembly
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-