Overview

overview

10

Static

static

8b6f40d327...ac.exe

windows7_x64

10

8b6f40d327...ac.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294204s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    14-04-2022 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b6f40d327d8f0c89cb9223840a3ae15c06bd4b7ae43a613ea619a04ba2441ac.exe

  • Size

    758KB

  • MD5

    c6e01fce47d2f5e46ddb65f389d48e35

  • SHA1

    af7b46434020214b9337dcb71a6174780610b30a

  • SHA256

    8b6f40d327d8f0c89cb9223840a3ae15c06bd4b7ae43a613ea619a04ba2441ac

  • SHA512

    1f9cfe322672ea30d752b20761c0968fd8c20742608ea70cf7fc71eda19ae729e1a085fe1eac450dcb0bcb665f4c2648d24c592267019bef01d3aa311f511e5a

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

http://malec-pompy.ml/a/inc/ed981c40cedc75.php

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla Payload 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b6f40d327d8f0c89cb9223840a3ae15c06bd4b7ae43a613ea619a04ba2441ac.exe
    "C:\Users\Admin\AppData\Local\Temp\8b6f40d327d8f0c89cb9223840a3ae15c06bd4b7ae43a613ea619a04ba2441ac.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Users\Admin\AppData\Local\Temp\8b6f40d327d8f0c89cb9223840a3ae15c06bd4b7ae43a613ea619a04ba2441ac.exe
      "{path}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1804-58-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1804-59-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1804-61-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1804-62-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1804-63-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1804-66-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1804-68-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1844-54-0x0000000000870000-0x0000000000934000-memory.dmp

    Filesize

    784KB

    Download

  • memory/1844-55-0x0000000002220000-0x000000000228C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1844-56-0x0000000000450000-0x000000000046C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1844-57-0x0000000004CF0000-0x0000000004D56000-memory.dmp

    Filesize

    408KB

    Download