General

  • Target

    UDS-Trojan.Win32.GenericML.xnet-f4af4d159acdfc910bdcfbd109f58981be4e5b9e0f190857d641f86ed99e8a07

  • Size

    1.0MB

  • Sample

    240229-phs5pagf6y

  • MD5

    1a0a052fca12bdc25c5ea7ee1bf35dba

  • SHA1

    e04e8b069154effb70913d3a57b9e66ffb371c46

  • SHA256

    f4af4d159acdfc910bdcfbd109f58981be4e5b9e0f190857d641f86ed99e8a07

  • SHA512

    565d4a1a9f4cd1149c2940e6854e50f93fff401682dd0dd1e68e44283c6067bffb8fcc4ba0a1fe725f21015db0cf480df479bba0f9a938bc17894bf5fccb5219

  • SSDEEP

    24576:6AssCtLpQvpBgZorWPwrptA9EXPWGux0WGFTHpIliN:pKangZorWWIGux3aH6Y

Malware Config

Targets

    • Target

      UDS-Trojan.Win32.GenericML.xnet-f4af4d159acdfc910bdcfbd109f58981be4e5b9e0f190857d641f86ed99e8a07

    • Size

      1.0MB

    • MD5

      1a0a052fca12bdc25c5ea7ee1bf35dba

    • SHA1

      e04e8b069154effb70913d3a57b9e66ffb371c46

    • SHA256

      f4af4d159acdfc910bdcfbd109f58981be4e5b9e0f190857d641f86ed99e8a07

    • SHA512

      565d4a1a9f4cd1149c2940e6854e50f93fff401682dd0dd1e68e44283c6067bffb8fcc4ba0a1fe725f21015db0cf480df479bba0f9a938bc17894bf5fccb5219

    • SSDEEP

      24576:6AssCtLpQvpBgZorWPwrptA9EXPWGux0WGFTHpIliN:pKangZorWWIGux3aH6Y

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Detects executables packed with Babel

    • Detects executables packed with Dotfuscator

    • Detects executables packed with Goliath

    • Detects executables packed with SmartAssembly

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Enterprise v15

Tasks