General
Target: PySilon.key
Size: 1024KB
Sample: 240416-mx7khsge99
MD5: da9adb2ee03690d8c21fe5b18e750ddf
SHA1: e69540dfa5ea437b7fb18462db856dbe82b65f7f
SHA256: d1750d592f447e92a5b224bc09460fb1f351ebc07aec1ba03f7ce2dc0612ced4
SHA512: 7a1e7ffa69c545c312bde9ffdcb6ec4af04a461002b6427b75d873f7a85f51d890bf236f920cba8e6e6de5b5b425c03bf8b245d1819730be475310b6d3a5b699
SSDEEP: 24576:h0PRQRAFQpBeNM5HwLSPqMdLgfhPYYMJEla83x:0RQScHi+7dL8YZis8B
Static task
static1
Malware Config
Targets
Target: PySilon.key
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-