Malicious

35ddf752787b35e35bc54c66274381d4f7ab1648b5[...]f1b

PE Executable | MD5: b8865e349bb383f87b789f28c7d332cb | Size: 245.76 KB | application/x-msdownload

Executable
PE (Portable Executable)
Win 32 Exe
x86
RAT
AgentTesla
.Net

Characteristics
Hashes
MD5: b8865e349bb383f87b789f28c7d332cb
SHA-1: f0d2894044ab5dcf13b36d758636ad3bc7b39261
SHA-256: 35ddf752787b35e35bc54c66274381d4f7ab1648b5b5ff19b84cc9aa2e9ebf1b
SHA-384: 5a627eed2862c6915f1802df97edca07d2230d89721196c01af3ff085ce21c3e4022d7c4a1451e29515b27ef042f8ef9
SHA-512: ef736f6dce7609e705fa3ff123535b5eac2d7a060e0166d3f496e1380133c8e311aaecae858bb804d14e40259b51ce16413ec619385a38d61011d5ba19001b19
SSDeep: 3072:IdBayiq6lMAY19sOW1IkTHo9rG8KaG5jnTqnq0ufzz:Iayiq6Ty+Zsq8KaWT4
TLSH: 683400027F88E715E1A93E3782EF6C2453B2B4C71733C60B6F49AB6524516826C7E72D

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
Information
Module Name: 8N57q4CivJ
Full Name: 8N57q4CivJ
EntryPoint: System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Scope Name: 8N57q4CivJ
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: f45b853c-c9d3-495e-9acb-d41a4a90029f
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 1093
Main Method: System.Void HezT.lgBKovGgL::CsvxrnfLmFv()
Main IL Instruction Count: 62

The module and scope name, the namespace, type and method names are randomized and the assembly name is a GUID; together with the absent TargetFramework attribute and the unsigned assembly, this is what an obfuscated .NET build looks like in metadata.

Main IL (one instruction per line; IL_xxxx labels mark branch targets):

ldc.i4 0
stloc V_0
br IL_00EF
IL_000E: nop
ldloc V_0
ldc.i4 3
ceq
brfalse IL_002D
call System.Void T4Au29ea.GJLHrcn9ae::SY7cB3VQ4()
ldc.i4 4
stloc V_0
IL_002D: nop
ldloc V_0
ldc.i4 1
ceq
brfalse IL_0051
ldc.i4 4080
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4 2
stloc V_0
IL_0051: nop
ldloc V_0
ldc.i4 4
ceq
brfalse IL_0070
call System.Void System.Windows.Forms.Application::Run()
ldc.i4 5
stloc V_0
IL_0070: nop
ldloc V_0
ldc.i4 2
ceq
brfalse IL_00BE
call System.Net.Security.RemoteCertificateValidationCallback System.Net.ServicePointManager::get_ServerCertificateValidationCallback()
ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
brtrue IL_00A1
ldnull
ldftn System.Boolean HezT.lgBKovGgL::QGQP5E(System.Object,System.Security.Cryptography.X509Certificates.X509Certificate,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors)
newobj System.Void System.Net.Security.RemoteCertificateValidationCallback::.ctor(System.Object,System.IntPtr)
stsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
IL_00A1: ldsfld System.Net.Security.RemoteCertificateValidationCallback HezT.lgBKovGgL::CS$<>9__CachedAnonymousMethodDelegate1
call System.Delegate System.Delegate::Combine(System.Delegate,System.Delegate)
castclass System.Net.Security.RemoteCertificateValidationCallback
call System.Void System.Net.ServicePointManager::set_ServerCertificateValidationCallback(System.Net.Security.RemoteCertificateValidationCallback)
ldc.i4 3
stloc V_0
IL_00BE: nop
ldloc V_0
ldc.i4 0
ceq
brfalse IL_00D9
nop
ldc.i4 1
stloc V_0
IL_00D9: nop
ldloc V_0
ldc.i4 5
ceq
brfalse IL_00EF
br IL_00F4
IL_00EF: br IL_000E
IL_00F4: ret

Reading the listing: V_0 is a state variable and IL_000E to IL_00EF is a dispatch loop. Each block compares V_0 with a constant, does one piece of work and stores the next state, so the textual order of the blocks (3, 1, 4, 2, 0, 5) is not the execution order; the states run 0, 1, 2, 3, 4, 5 and the loop exits at state 5. Unwound, the entry point does four things: it sets ServicePointManager.SecurityProtocol to 4080, which is Ssl3 | Tls | Tls11 | Tls12 (48 + 192 + 768 + 3072); it appends HezT.lgBKovGgL::QGQP5E to ServerCertificateValidationCallback via the cached-delegate pattern the compiler emits for a `+=` on that property (the body of QGQP5E is not shown here; a callback with this signature that returns true unconditionally disables certificate validation for every outbound TLS connection in the process, which is the usual reason a RAT installs one); it calls T4Au29ea.GJLHrcn9ae::SY7cB3VQ4(), the only method here whose work is not visible; and it finally calls System.Windows.Forms.Application.Run() with no form, which parks the thread in a message loop and keeps the process alive.
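The dispatch loop can be unwound mechanically rather than by hand. The Python below is an added example written for this write-up, not code from the sample or from the sandbox. MAIN_IL is a hand transcription of the Main IL into (label, opcode, operand) tuples, simplified in one place: the delegate plumbing around the certificate callback (the get_ServerCertificateValidationCallback, ldsfld, brtrue, ldnull, ldftn, newobj, stsfld, Delegate.Combine and castclass instructions) is collapsed into a single set_ServerCertificateValidationCallback call, and each call carries an assumed argument count so the simulated stack stays balanced. A minimal interpreter then runs the loop, recording calls instead of executing them, and reports them in the order they actually fire; a helper expands the SecurityProtocolType bitmask 4080 into flag names.

```python
"""De-flatten the state-machine dispatch loop in the sample's entry point.

Added analyst tooling for this write-up, not code from the sample or the
sandbox. MAIN_IL is a hand transcription of the Main IL listing above; the
delegate plumbing around the certificate callback is collapsed into one
'set_ServerCertificateValidationCallback' call (its net effect), and call
operands carry an assumed argument count so the interpreter pops the right
number of stack slots.
"""

# (label, opcode, operand); labels are the IL offsets the listing names as
# branch targets. Call operands are (method, argc).
MAIN_IL = [
    (None, "ldc.i4", 0), (None, "stloc", "V_0"), (None, "br", "IL_00EF"),
    ("IL_000E", "nop", None),                                     # loop head
    (None, "ldloc", "V_0"), (None, "ldc.i4", 3), (None, "ceq", None), (None, "brfalse", "IL_002D"),
    (None, "call", ("T4Au29ea.GJLHrcn9ae::SY7cB3VQ4", 0)), (None, "ldc.i4", 4), (None, "stloc", "V_0"),
    ("IL_002D", "nop", None),
    (None, "ldloc", "V_0"), (None, "ldc.i4", 1), (None, "ceq", None), (None, "brfalse", "IL_0051"),
    (None, "ldc.i4", 4080), (None, "call", ("ServicePointManager::set_SecurityProtocol", 1)),
    (None, "ldc.i4", 2), (None, "stloc", "V_0"),
    ("IL_0051", "nop", None),
    (None, "ldloc", "V_0"), (None, "ldc.i4", 4), (None, "ceq", None), (None, "brfalse", "IL_0070"),
    (None, "call", ("Application::Run", 0)), (None, "ldc.i4", 5), (None, "stloc", "V_0"),
    ("IL_0070", "nop", None),
    (None, "ldloc", "V_0"), (None, "ldc.i4", 2), (None, "ceq", None), (None, "brfalse", "IL_00BE"),
    # delegate construction collapsed into its net effect (see docstring)
    (None, "call", ("ServicePointManager::set_ServerCertificateValidationCallback", 0)),
    (None, "ldc.i4", 3), (None, "stloc", "V_0"),
    ("IL_00BE", "nop", None),
    (None, "ldloc", "V_0"), (None, "ldc.i4", 0), (None, "ceq", None), (None, "brfalse", "IL_00D9"),
    (None, "nop", None), (None, "ldc.i4", 1), (None, "stloc", "V_0"),
    ("IL_00D9", "nop", None),
    (None, "ldloc", "V_0"), (None, "ldc.i4", 5), (None, "ceq", None), (None, "brfalse", "IL_00EF"),
    (None, "br", "IL_00F4"),
    ("IL_00EF", "br", "IL_000E"),                                 # loop back
    ("IL_00F4", "ret", None),
]

# System.Net.SecurityProtocolType flag values (.NET Framework).
SECURITY_PROTOCOL_FLAGS = {48: "Ssl3", 192: "Tls", 768: "Tls11", 3072: "Tls12", 12288: "Tls13"}


def run_flattened(il, max_steps=10_000):
    """Execute the dispatch loop symbolically; calls are recorded, not run.

    Returns (method, args, state) tuples in the order the calls would fire,
    where state is V_0 at the moment of the call. max_steps guards against a
    state machine that never reaches ret (or a mistranscribed transition).
    """
    labels = {lab: i for i, (lab, _, _) in enumerate(il) if lab}
    stack, locals_, events, pc = [], {}, [], 0
    for _ in range(max_steps):
        _, op, arg = il[pc]
        pc += 1
        if op == "nop":
            continue
        if op == "ldc.i4":
            stack.append(arg)
        elif op == "stloc":
            locals_[arg] = stack.pop()
        elif op == "ldloc":
            stack.append(locals_[arg])
        elif op == "ceq":
            b, a = stack.pop(), stack.pop()
            stack.append(1 if a == b else 0)
        elif op == "brfalse":
            if stack.pop() == 0:
                pc = labels[arg]
        elif op == "br":
            pc = labels[arg]
        elif op == "call":
            method, argc = arg
            args = tuple(stack.pop() for _ in range(argc))[::-1]
            events.append((method, args, locals_.get("V_0")))
        elif op == "ret":
            return events
        else:
            raise ValueError(f"unhandled opcode {op}")
    raise RuntimeError("dispatch loop did not reach ret within max_steps")


def effective_order(il=MAIN_IL):
    """Method names in the order they execute once the flattening is undone."""
    return [method for method, _, _ in run_flattened(il)]


def decode_security_protocol(value):
    """Expand a SecurityProtocolType bitmask into flag names."""
    names = [name for bit, name in SECURITY_PROTOCOL_FLAGS.items() if (value & bit) == bit]
    unknown = value & ~sum(SECURITY_PROTOCOL_FLAGS)
    if unknown:
        names.append(f"0x{unknown:x}")
    return names


if __name__ == "__main__":
    for method, args, state in run_flattened(MAIN_IL):
        extra = f" {decode_security_protocol(args[0])}" if args else ""
        print(f"state {state}: {method}{extra}")
```

Running it prints the four calls with the state value that triggered each: set_SecurityProtocol in state 1, set_ServerCertificateValidationCallback in state 2, SY7cB3VQ4 in state 3 and Application.Run in state 4. Pointed at another flattened method, the same transcription approach works as long as every branch target gets a label; the max_steps guard turns a missed transition into an exception rather than a hang.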


Artefacts
Embedded Resources: 0
Suspicious Type Names (1-2 chars): 0
