AgentTesla.v4 | 4fcbdbe09122

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\85110KA1961PLC001433.iso

Sample File

ISO 9660

MIME Type	application/x-iso9660-image
File Size	768.00 KB
MD5	44b5da05d2f080d09ec17359f60dacd6
SHA1	f1e1e3c2caf7b233a98b6a2c0ac3eabb96f2081b
SHA256	4fcbdbe09122e5dc33f831e7e65c39cab03b67e70e4d8f5d3c225a8c88c7fb7d
SSDeep	12288:xCcj8EhT1GrAjbadQSIVCXfUWQBZoeAfeDlV25x3nGxYcBa8k:ocj8EzCdQSIkXsWQE4lV259Gx
ImpHash	-

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

Archive Information

Number of Files	1
Number of Folders	0
Size of Packed Archive Contents	718.00 KB
Size of Unpacked Archive Contents	718.00 KB
File Format	iso_9660

Contents (1)

File Name	Packed Size	Unpacked Size	Compression	Is Encrypted	Modify Time	Verdict	Recursively Submitted	Actions
Ynstr.exe	718.00 KB	718.00 KB	-	False	2024-02-12 10:23 (UTC)	Malicious	-	... Actions Show File Submit File Download File

D:\Ynstr.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\Mtwbsyxsy.exe (Dropped File, Accessed File) C:\Users\RDhJ0CNFevzX\AppData\Roaming\sBRfm\sBRfm.exe (Accessed File)
Parent File	C:\Users\RDhJ0CNFevzX\85110KA1961PLC001433.iso
MIME Type	application/vnd.microsoft.portable-executable
File Size	718.00 KB
MD5	43a00ef10637139c060f1139df3b9cc1
SHA1	f717df8434925d25e03512c91385bc528576339e
SHA256	f2a3d321b3fbb2d3be23e5416a82b92d9aa73c3573ef0630d0570483ced8a731
SSDeep	12288:RCcj8EhT1GrAjbadQSIVCXfUWQBZoeAfeDlV25x3nGxYcBa8k:Icj8EzCdQSIkXsWQE4lV259Gx
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Version Information (11)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000B2C64	0x000B2E00	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.64
.rsrc	0x004B6000	0x00000556	0x00000600	0x000B3000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.91
.reloc	0x004B8000	0x0000000C	0x00000200	0x000B3600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x004B4C5C	0x000B4C28	0x000B2E28	0x00000000

Memory Dumps (11)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
buffer	1	0x04730000	0x047E1FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04870000	0x04870FFF	First Execution	32-bit	0x04870000	... Actions Go to Process Download Dump
clrjit.dll	1	0x6E2D0000	0x6E34FFFF	First Execution	32-bit	0x6E336C02	... Actions Go to Process Download Dump
buffer	1	0x048C0000	0x048FDFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04B60000	0x04BA5FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00441FFF	Content Changed	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	2	0x04E9E000	0x04E9FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00E2C000	0x00E2FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00BEE000	0x00BEFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00188000	0x0018FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00441FFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

1a95ef6e164b7b75a798264283d1207315732bb7b02cc56c4a6c95d51da6b8ca

Downloaded File

Text