Full malware analysis Work-Flow of AgentTesla Malware

Covers:

Initial MS Office document abusing external references
RTF document downloaded as external referenced object - exploiting CVE-2017-11882
Shellcode reversing and analysis - part of exploitation chain
Last stage reversing - final payload - VB wrapped-packed AgentTesla
AgentTesla deobfuscation and analysis

Sample:

[Link to AnyRun]

Download here:

[Samples (Github) - pass:infected]
[Pcap_of_stages_from_AnyRun - pass:infected]
[Shellcode decoding script]
[Token generation script for de4dot]

Used Tools covered in Video:

Oletools
xorsearch
scdbg
Tiny_Tracer
x64dbg
Ida Pro
pestudio
StringSifter
DnSpy
De4Dot
and others...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Full malware analysis work-flow of AgentTesla Malware.md

Full malware analysis work-flow of AgentTesla Malware.md

Full malware analysis Work-Flow of AgentTesla Malware

Covers:

Sample:

Download here:

Used Tools covered in Video:

Files

Full malware analysis work-flow of AgentTesla Malware.md

Latest commit

History

Full malware analysis work-flow of AgentTesla Malware.md

File metadata and controls

Full malware analysis Work-Flow of AgentTesla Malware

Covers:

Sample:

Download here:

Used Tools covered in Video: