Overview

overview

10

Static

static

411fa03376...97.exe

windows7_x64

10

411fa03376...97.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    29-01-2021 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    411fa0337649ad03b57d223e60680397.exe

  • Size

    1.0MB

  • MD5

    411fa0337649ad03b57d223e60680397

  • SHA1

    9378612b41943680d24ae3e44ecdc5cff56fd630

  • SHA256

    1966492f3a7baeb08ef6aefa4fe27203de08d5965b91448c503fa12b2ade596d

  • SHA512

    f26344a879041c99b8b90e5e3f97a9935fc786db77c26d87c33763af3e6b35c3cf23ffd5dfa5b064f5e3a8d818a0b38dc96849cc76ee8f7c97a53abf3d0bd25d

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.migeulez.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Fyo*YWi7

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla Payload 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\411fa0337649ad03b57d223e60680397.exe
    "C:\Users\Admin\AppData\Local\Temp\411fa0337649ad03b57d223e60680397.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:384
    • C:\Users\Admin\AppData\Local\Temp\411fa0337649ad03b57d223e60680397.exe
      "C:\Users\Admin\AppData\Local\Temp\411fa0337649ad03b57d223e60680397.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/316-8-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/316-9-0x00000000004375EE-mapping.dmp
    Download
  • memory/316-10-0x00000000740C0000-0x00000000747AE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/316-11-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/316-13-0x0000000004C50000-0x0000000004C51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/384-2-0x00000000740C0000-0x00000000747AE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/384-3-0x0000000000BA0000-0x0000000000BA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/384-5-0x0000000000440000-0x0000000000443000-memory.dmp
    Filesize

    12KB

    Download
  • memory/384-6-0x0000000004260000-0x0000000004261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/384-7-0x0000000004E70000-0x0000000004ED9000-memory.dmp
    Filesize

    420KB

    Download