Sample
- SHA256: 45dc4518fbf43bf4611446159f72cdbc37641707bb924bd2a52644a3af5bab76
- Difficulty: medium
- Platform: Windows
- Tags: .net .netreactor agenttesla obfuscated stage 3
- Likes: 1
- Views: 3
- Submitter: struppigel
Analysis
Goal
If you want to analyze the full infection chain, start with the first stage here.
Your task is to extract the configuration.
Description
This is an AgentTesla sample that is obfuscated with .NET Reactor.
You do not need to write custom tooling to deobfuscate the config, nor do you need to remove all of the control-flow obfuscation to obtain it. Check the command-line switches in NetReactorSlayer and make them work for you.
Recommended Tools
dnspyex netreactorslayer shed