Summary | ZeroBOX

DFI_0451_587_032.pdf

KeyBase AgentTesla
Category: FILE
Machine: s1_win7_x6401
Started: April 26, 2021, 5:57 p.m.
Completed: April 26, 2021, 6:10 p.m.
Size 375.8KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 2e85f22e8e3436b38af2299a04f0cad8
SHA256 bbd4dd21dde67a96ac02aa9795ce662fa36d4edb90d13f2ffbdeee0d4aea5050
CRC32 CF1FDE0D
ssdeep 6144:2vj35ZtfUeAIQHuA36cdSroobIjea50XN8/byvARG:2r33eeAItC66qoocjeuYYyYA
Yara
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)
  • HasOverlay - Overlay Check
  • HasDigitalSignature - DigitalSignature Check
  • Win_Trojan_AgentTesla_IN_Zero - Win Trojan AgentTesla
  • PE_Header_Zero - PE File Signature Zero
  • Win_KeyBase_Keylogger_IN_Zero - Win KeyBase Keylogger

Name Response Post-Analysis Lookup
vtqt.xyz 45.85.90.14
IP Address Status Action
164.124.101.2 Active Moloch
45.85.90.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API: GetComputerNameA
Arguments: computer_name: TEST22-PC
Status: 1
Return: 1
Repeated: 0
  • section .text (size_of_data 0x00031c00, virtual_address 0x00002000, virtual_size 0x00031a44, entropy 7.974398985054195) - A section with a high entropy has been found
  • entropy 0.541496598639 - Overall entropy of this PE file is high
  • url https://discord.com/
  • win_files_operation - Affect private profile
  • DebuggerCheck__GlobalFlags - (no description)
  • DebuggerCheck__QueryInfo - (no description)
  • DebuggerHiding__Thread - (no description)
  • DebuggerHiding__Active - (no description)
  • ThreadControl__Context - (no description)
  • SEH__vectored - (no description)
  • anti_dbg - Checks if being debugged
  • disable_dep - Bypass DEP
  • dead_host 45.85.90.14:80