Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3D black.png

  • Size

    2.9MB

  • Sample

    240806-hej92swdke

  • MD5

    3274147893f0d7107549d5e749a8a4e3

  • SHA1

    0e76d9b3affa982e485dd2bea76e1d43f2294077

  • SHA256

    687926097cbf2bf7780525d61f350db22837059cfd9cbb3caf64d10d11cb6ff1

  • SHA512

    832669e20fadb6ff07df9e9e2dae0bb64aa325a07b3a0da95d36f4ea9dec452f42919d00c53c7db2f88ebd8b53e89584c8b2caa7dec9c451f6f43280ed554f92

  • SSDEEP

    49152:ZkFAVYhQ7Yxteg7NNSbxfQ5QOD/zF2rpEFjsSqCe+GI5MSLRj9+ktGVZV/ZRUf1E:ZkmVYhQ7Yxteg7NNSbxfQ5QOD/zF2rpL

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

rat1

C2

xfreddy2751.duckdns.org:6606

xfreddy2751.duckdns.org:7707

xfreddy2751.duckdns.org:8808

darkstorm275991.ddns.net:6606

darkstorm275991.ddns.net:7707

darkstorm275991.ddns.net:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    License.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      3D black.png

    • Size

      2.9MB

    • MD5

      3274147893f0d7107549d5e749a8a4e3

    • SHA1

      0e76d9b3affa982e485dd2bea76e1d43f2294077

    • SHA256

      687926097cbf2bf7780525d61f350db22837059cfd9cbb3caf64d10d11cb6ff1

    • SHA512

      832669e20fadb6ff07df9e9e2dae0bb64aa325a07b3a0da95d36f4ea9dec452f42919d00c53c7db2f88ebd8b53e89584c8b2caa7dec9c451f6f43280ed554f92

    • SSDEEP

      49152:ZkFAVYhQ7Yxteg7NNSbxfQ5QOD/zF2rpEFjsSqCe+GI5MSLRj9+ktGVZV/ZRUf1E:ZkmVYhQ7Yxteg7NNSbxfQ5QOD/zF2rpL

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Modifies visibility of hidden/system files in Explorer

    • AgentTesla payload

    • Async RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks