Overview

overview

10

Static

static

SecuriteIn...32.exe

windows7_x64

10

SecuriteIn...32.exe

windows10_x64

10

Analysis

  • max time kernel
    143s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    22-07-2021 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.W32.MSIL_Agent.CAC.genEldorado.5417.14032.exe

  • Size

    767KB

  • MD5

    b865eba7ad12435f66fcc532eeb6f2ce

  • SHA1

    53c1a9b23d65b6dc77bf79aebdef23ee815106f7

  • SHA256

    a22a93aa201096c6ae9d68aa245093f3b922b90e31a529ce94bcdbd2c0507e86

  • SHA512

    e0c8080044ad1d0a57f70c4834be9b62468bd61ec85f3464dfcdf1efe6efba6b9b22f57f1a6294c729fcaa9f0a4a79a28e5b03fdb05d4fae0781eca18ee07265

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.vivaldi.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Amalogs21345@

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla Payload 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.MSIL_Agent.CAC.genEldorado.5417.14032.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.MSIL_Agent.CAC.genEldorado.5417.14032.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1832-114-0x0000000000E30000-0x0000000000E31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1832-116-0x0000000005760000-0x000000000581A000-memory.dmp
    Filesize

    744KB

    Download
  • memory/1832-117-0x000000000B1E0000-0x000000000B1E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1832-118-0x000000000ACE0000-0x000000000ACE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1832-119-0x000000000AD80000-0x000000000AD81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1832-120-0x0000000005210000-0x0000000005211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1832-121-0x0000000005850000-0x0000000005851000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1832-122-0x0000000005970000-0x000000000598B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/1832-123-0x0000000005C30000-0x0000000005CB1000-memory.dmp
    Filesize

    516KB

    Download
  • memory/1832-124-0x0000000005D00000-0x0000000005D3D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/3940-125-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/3940-126-0x00000000004374DE-mapping.dmp
    Download
  • memory/3940-131-0x00000000056F0000-0x00000000056F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3940-132-0x0000000006370000-0x0000000006371000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3940-133-0x0000000006400000-0x0000000006401000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3940-136-0x00000000056F1000-0x00000000056F2000-memory.dmp
    Filesize

    4KB

    Download