Overview

overview

10

Static

static

93caf26ccb...8a.exe

windows7-x64

10

93caf26ccb...8a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    157s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-11-2022 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a.exe

  • Size

    776KB

  • MD5

    5f5007d479284c637ee7af9ecf085ff9

  • SHA1

    b1d249b76d71b5486453ee088a30ab66398e1f74

  • SHA256

    93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a

  • SHA512

    899106d3a206d55ae94b2775c38c59a29db47a55e42da1bd9eae28afe3099193812a863e62d1f2a6f3afcfef7137f4c2ca0955c95f271197aae1bd502845b051

  • SSDEEP

    6144:qD2v7gkRvi3Kg4B1Rj7XvlczaB2DH2wMZgIaBI72xxaT+DSmKaWMueU+JqV3pDT/:werNJSsZgVm2WCD1KtMuL+J8VSpto

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    box@alscotop.com
  • Password:
    godisgreat

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a.exe
    "C:\Users\Admin\AppData\Local\Temp\93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1020
    • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      "C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
    Filesize

    41KB

    MD5

    5d4073b2eb6d217c19f2b22f21bf8d57

    SHA1

    f0209900fbf08d004b886a0b3ba33ea2b0bf9da8

    SHA256

    ac1a3f21fcc88f9cee7bf51581eafba24cc76c924f0821deb2afdf1080ddf3d3

    SHA512

    9ac94880684933ba3407cdc135abc3047543436567af14cd9269c4adc5a6535db7b867d6de0d6238a21b94e69f9890dbb5739155871a624520623a7e56872159

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
    Filesize

    41KB

    MD5

    5d4073b2eb6d217c19f2b22f21bf8d57

    SHA1

    f0209900fbf08d004b886a0b3ba33ea2b0bf9da8

    SHA256

    ac1a3f21fcc88f9cee7bf51581eafba24cc76c924f0821deb2afdf1080ddf3d3

    SHA512

    9ac94880684933ba3407cdc135abc3047543436567af14cd9269c4adc5a6535db7b867d6de0d6238a21b94e69f9890dbb5739155871a624520623a7e56872159

    Download Submit
  • memory/1020-132-0x0000000000170000-0x0000000000238000-memory.dmp
    Filesize

    800KB

    Download
  • memory/1020-133-0x00000000050E0000-0x0000000005684000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/1020-134-0x0000000004B30000-0x0000000004BC2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1020-135-0x0000000004F30000-0x0000000004FCC000-memory.dmp
    Filesize

    624KB

    Download
  • memory/1020-136-0x00000000065A0000-0x0000000006606000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1020-137-0x00000000009E0000-0x0000000000A02000-memory.dmp
    Filesize

    136KB

    Download
  • memory/4264-138-0x0000000000000000-mapping.dmp
    Download
  • memory/4264-139-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download