General
-
Target
CheatoSpoofer.zip
-
Size
31.7MB
-
Sample
240526-dp3rxscg7w
-
MD5
2a58f22766d0573537ca239ee1ad47a8
-
SHA1
a1689668104910f5cd70e94c3f2b8a02c12e619e
-
SHA256
aed6a5da30700be3079cb9f16447e289967740499f1acce297010fe8585b1add
-
SHA512
e20f6e45b35591a3b2273a9bfb57a6461a6d7bbcbb5958889eb63bff649c9e8b335534bf876cf46e799d5480fa8ab7c1ad29a25bc959c850618952f1e978f22b
-
SSDEEP
786432:MM0qE/lSBCxZ4hFcq/HPAOngY+sVdC5YPlDbI8E1xg+ZXXGWgBXjuxC+5:Mlq+Z4hKwvAVY7OqVbI/K+ZXWWgFd+5
Malware Config
Targets
-
-
Target
CheatoSpoofer.exe
-
Size
31.7MB
-
MD5
d55cc4db0fc8dbffe183f78205ec03fa
-
SHA1
f02664f6276a1b88ecb14efb4e7c7d9b0747c7d6
-
SHA256
a3c5ad53ca0367b79c56cb0dc0c42484b9a4e7fa77290ca6ec233f94cacf1e8b
-
SHA512
b26aaae019111d5e23fb293de30380646770dcd31e146edfaff37904f5dc78ac2504050d647d4f212ad42f14a9193a7dc6ef7171f30f356b023fd129e94ec251
-
SSDEEP
786432:0lH0ByeGkm9QxG774aXrKE/Awx7PL/PlTe0P98qtyXU:s6yesGWnbK5EPL/PlCk60q
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-