Analysis
-
max time kernel
139s -
max time network
142s -
platform
windows10_x64 -
resource
win10 -
submitted
14-07-2020 14:17
General
-
Target
jiz.exe
-
Size
279KB
-
MD5
6ee90b652853289fcf4b52b2064c9f4d
-
SHA1
5806f0b1182dece0695b2f176e1af51d56641966
-
SHA256
819496d6ef872cf800b5e64428663500ed20c4d2234d501281e50883aa04bd05
-
SHA512
60458772471eb284b7dc5ddfec561f471c3b0417a41a888927fc55d9e83d1baa9e4bf83b40f1636ff18c847eebc5307953bfe399cbb068900d834061f6aa9945
Score
10/10
Malware Config
Extracted
Credentials
Protocol: smtp- Host:
terminal6.veeblehosting.com - Port:
587 - Username:
[email protected] - Password:
KjmOE%DvpSvC
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\jiz.exe"C:\Users\Admin\AppData\Local\Temp\jiz.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken