Analysis
max time kernel: 61s
max time network: 61s
platform: windows7_x64
resource: win7
submitted: 14-07-2020 14:17
Static task: static1
Behavioral task: behavioral1
Sample: buk.exe
Resource: win7
Behavioral task: behavioral2
Sample: buk.exe
Resource: win10v200430
General
Target: buk.exe
Size: 279KB
MD5: 0adfa647a523f3ffd47fca65b3830012
SHA1: ef3dc8671e76d34168b0ccdf8e9e6b4004cf9f8f
SHA256: 4c5973bceb6055158baa38a15a42ee7d983d95d2bf81b89802e2947705feabae
SHA512: d39e3dd4bd35b044d2833e914aae43e1af9b76e85095c054bbd8ab229acc606ee2d4646b3875eee04f97244ef076056bc190f1dff9761c578eca78952aee3ac3
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
description: Token: SeDebugPrivilege; pid: 616; process: buk.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
pid: 616; process: buk.exe
pid: 616; process: buk.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.