Extracted

• • Target

    abc.exe

  • Size

    39KB

  • MD5

    86d5da568119c68aa30262d2a4ea0ff5

  • SHA1

    bf8f5daf767ffffe48ce3c0efdd47cd6ac617cba

  • SHA256

    3cb4c1cb608cf1fb9f880c19bbfe949557b2577b77469a7b4d4e8844c3ca6e52

  • SHA512

    fe234f30c7f9dd4ac7ce8115a7f3a463af12a03fca1682dfded849f778e5fae09776a4ebc11bd8685d31e2189ca71d2f22a49f7ac82914ecbded4864fbc9a2ca

  • SSDEEP

    768:MG7+qmT8ztyh6pwDYvCL6v6hCuuJf27j1fFWPG9/V6OOwhljObe:7fmT8ztyh6pwDnGwCuuJf4Fv9/V6OOwR

  Score

  10^/10

  agentteslaxwormagilenetkeyloggerpersistenceratspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • AgentTesla payload

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Adds Run key to start application

    persistence
  behavioral1