Analysis
- max time kernel: 1s
- max time network: 38s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 27-07-2021 12:39
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.BackDoor.SpyBotNET.25.6539.4149.dll
- Resource: win7v20210408 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.BackDoor.SpyBotNET.25.6539.4149.dll
- Resource: win10v20210408 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: SecuriteInfo.com.BackDoor.SpyBotNET.25.6539.4149.dll
- Size: 643KB
- MD5: 0ed458621a0e75e9dac09b9cf00b909d
- SHA1: 02f07b3badc63785cd66b181657322f851d3b0c2
- SHA256: 7a6f8590d4be989faccb34cd393e713fd80fa17e92d7613f33061d647d0e6d12
- SHA512: 2cb0a297922a609ccbebe3bd64ba8aa7560e2440753c0c39da545cb78248050d1bb0b98b92dd9e013ead850a7087882296bb464e7f639e8c5456b0955f9f9ac9
- Score: 10/10
Malware Config
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload (1 IoCs)
  Processes:
  resource | yara_rule
  behavioral1/memory/628-63-0x0000000000710000-0x0000000000748000-memory.dmp | family_agenttesla
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: regsvr32.exe
  description | pid | process
  Token: SeDebugPrivilege | 628 | regsvr32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/628-59-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp (Filesize 8KB)
- memory/628-60-0x00000000004F0000-0x0000000000507000-memory.dmp (Filesize 92KB)
- memory/628-62-0x0000000000520000-0x0000000000556000-memory.dmp (Filesize 216KB)
- memory/628-63-0x0000000000710000-0x0000000000748000-memory.dmp (Filesize 224KB)
- memory/628-67-0x000000001AD18000-0x000000001AD19000-memory.dmp (Filesize 4KB)
- memory/628-66-0x000000001AD16000-0x000000001AD18000-memory.dmp (Filesize 8KB)
- memory/628-65-0x000000001AD14000-0x000000001AD16000-memory.dmp (Filesize 8KB)
- memory/628-64-0x000000001AD12000-0x000000001AD14000-memory.dmp (Filesize 8KB)
- memory/628-68-0x000000001AD1D000-0x000000001AD3C000-memory.dmp (Filesize 124KB)