Agent Tesla v3 | 2442c3ecd042

Classifications

Spyware Keylogger

Threat Names

Agent Tesla Agent Tesla v3 Mal/Generic-S C2/Generic-A +1

Dynamic Analysis Report

Created on 2021-09-27T13:45:00

2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe

Windows Exe (x86-32)

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\\tmpG486.tmp (Dropped File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	860.50 KB
MD5	768a1127c119149f96a29c0d0c0b56ec
SHA1	afe86ab8d4a8b5b092e95f1cb2ae563f5ea5867d
SHA256	2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af
SSDeep	12288:goSLU8CqriiULSX7yUrMjgY6WDWzjXbdarHOsnoaLOAmQsaypSL+jQHmLDsBhvs8:3bIFJ9F9lPV3X2hM3akNQF+0F+2
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	malicious
Names	Mal/Generic-S

AV Matches (1)

Threat Name	Verdict
Trojan.GenericKD.47057587	malicious

PE Information

Image Base	0x400000
Entry Point	0x4bf602
Size Of Code	0xbd800
Size Of Initialized Data	0x19800
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2021-09-27 01:33:48+00:00

Version Information (11)

Comments	-
CompanyName	F@Soft
FileDescription	Darwin AW
FileVersion	1.0.6.0
InternalName	TaskAwait.exe
LegalCopyright	Copyright © F@Soft
LegalTrademarks	-
OriginalFilename	TaskAwait.exe
ProductName	Darwin AW
ProductVersion	1.0.6.0
Assembly Version	1.0.6.2

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0xbd608	0xbd800	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.07
.rsrc	0x4c0000	0x19424	0x19600	0xbda00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.3
.reloc	0x4da000	0xc	0x200	0xd7000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x402000	0xbf5d8	0xbd7d8	0x0

Memory Dumps (2)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	AV	YARA	Actions
2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe	1	0x00400000	0x004DBFFF	Relevant Image		32-bit	-			... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00400000	0x0043BFFF	Content Changed		32-bit	-			... Memory Dump Actions Go to Process Go to YARA Matches Download Dump

WHOIS Domain Information

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After

Screenshot

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After