- Original Packed Sample: ae4d420c05281acf9696e558b02a42f8
- Unpacked Sample: f81064db46e305025ac6e2610e272eb3
- Source URL: hxxp://soksanhotels[.]com/calendar/daes/thai8.exe
- Info URL: URLhaus
- Automatically Generated Report: PepperMalware Report
- VirusTotal First Submission: 2019-05-08 20:31:00
- Related links:
Monday, May 13, 2019
Quick Analysis of AgentTesla SMTP Variant Sample (dated 08-05-2019)
In this post I perform a quick analysis of a recent AgentTesla SMTP variant sample, paying special attention to the string decryptor, since most of the interesting information, including the SMTP server and mail address, is kept as encrypted strings. The goal is to document the decompiled source code a bit further, adding references to the decrypted strings where they are used, in order to understand how the malware works.