Analysis
-
max time kernel
128s -
max time network
145s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
30-06-2020 12:03
General
-
Target
Gee2 (2).exe
-
Size
279KB
-
MD5
1073f437cb157bd015dd057c2ccdef10
-
SHA1
2355b463fedee4ca9a4c28c408bf34c615bce5b0
-
SHA256
d3d939a15f12a31a76ec2ed2cc37cc1275a7917884d8f008504331c7814ac2fe
-
SHA512
e11026ead41a786d559cd08d43462e1b4e1faf511dbdeb8bf4cda502dbc10ff90c69a800b9451147c8bb5b004ec8752af968a96994519ca6263ced2266ecb010
Score
10/10
Malware Config
Extracted
Credentials
Protocol: smtp- Host:
webmail.mantenimientosymontajes.com - Port:
587 - Username:
info@mantenimientosymontajes.com - Password:
gnx1470
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Gee2 (2).exe"C:\Users\Admin\AppData\Local\Temp\Gee2 (2).exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken