General
-
Target
DeathCrypter-0.7.0.exe
-
Size
9.8MB
-
Sample
240630-tdtmwatdqn
-
MD5
e5b1ff36f9fca02f63e3de2fe4861b55
-
SHA1
36e275dcf39a1a963ee0113af3e9f60e2a1a40f7
-
SHA256
57ec4122db9efd9fb97b27b6844d2026fcb25333ef18f4f2a44d63ad301c7a80
-
SHA512
bf43a7e5c839de792e756dc3ec75a9be8e779f57f7ab84f7e157aa796f7569045166e1fc889d014b0411501a4f3a4656a037fba78cf44d39b4b03b965bd8e09f
-
SSDEEP
196608:t41mNygKiOPY+ZozEhjRS5jlFUMEEk1n9V4rdkACYnksmj4bsDgbC8VN0:t4Oy+OjkEhjQlFFha9WrmAmwbzCN
Static task
static1
Behavioral task
behavioral1
Sample
DeathCrypter-0.7.0.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
DeathCrypter-0.7.0.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
DeathCrypter-0.7.0.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
DeathCrypter-0.7.0.exe
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
DeathCrypter-0.7.0.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-