General

  • Target

    FKVVRDKa

  • Size

    2KB

  • Sample

    240307-vhqx8agb64

  • MD5

    c162a435aa3a7f2c3767c1f270b4318e

  • SHA1

    b95c15b6d92ea234198abb212db73f6ce2caaa2a

  • SHA256

    7f7c43675420d1a929fe29ad3f78782ac4e230279e028245cf1a134fd9b5ef2a

  • SHA512

    aa0c48f88c1e614d7e0f820b346d0c8878021c2744dd70fb78c20431a3ad1c05638373255b069fbf1ad2bccab4caf94d8291535a0aef18c332fc7e01bbe388a8

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
