agenttesla | 1bb76901f992100d6b323a70b3324f4850aea1d069c3d956f344de94d93ebc33

Analysis

max time kernel
5s
max time network
127s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c10ce97e6544cd7e04b4aa1a9c4df1eb.exe
Size

326KB
MD5

c10ce97e6544cd7e04b4aa1a9c4df1eb
SHA1

8549cd3ebaa0cbeed269cac3da0b41a43341951f
SHA256

4a274f08e6f2d51a2c34b022c9eb66bb8de77fa9fe05d2aef25e9c0dec6d6c01
SHA512

b0102e230b5d1ea1ff2f473ebd357779cdbf6b9d8fbc02289524b4ce7962842fd62ab53a881d2d948feb68d488136bdc38ed67f7ba7ccea06ed6b47c115370dc
SSDEEP

6144:fQ606x5wOyFNKvLOsI5H8Tx836e1NputSMFNZc9t6nzNH45X:/wDSvysI58x83R1NpsVFfZn945X

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.coolinic.com.my
Port:
587
Username:
[email protected]
Password:
Nadiya1611
Email To:
[email protected]

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\resources\Standardstik\Maculations.Bis	c10ce97e6544cd7e04b4aa1a9c4df1eb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c10ce97e6544cd7e04b4aa1a9c4df1eb.exe
"C:\Users\Admin\AppData\Local\Temp\c10ce97e6544cd7e04b4aa1a9c4df1eb.exe"
1⤵
- Drops file in Windows directory
PID:2124
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
  "C:\Users\Admin\AppData\Local\Temp\c10ce97e6544cd7e04b4aa1a9c4df1eb.exe"
  2⤵
  PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd584E.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
memory/2124-7-0x0000000077220000-0x00000000773C9000-memory.dmp

Filesize
1.7MB

Download
memory/2124-8-0x0000000077410000-0x00000000774E6000-memory.dmp

Filesize
856KB

Download
memory/2124-9-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/2364-10-0x0000000077220000-0x00000000773C9000-memory.dmp

Filesize
1.7MB

Download
memory/2364-32-0x0000000000400000-0x0000000000615000-memory.dmp

Filesize
2.1MB

Download
memory/2364-33-0x00000000011E0000-0x00000000067AC000-memory.dmp

Filesize
85.8MB

Download
memory/2364-34-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2364-35-0x0000000073120000-0x000000007380E000-memory.dmp

Filesize
6.9MB

Download
memory/2364-36-0x00000000357C0000-0x0000000035800000-memory.dmp

Filesize
256KB

Download
memory/2364-38-0x0000000073120000-0x000000007380E000-memory.dmp

Filesize
6.9MB

Download
memory/2364-39-0x00000000357C0000-0x0000000035800000-memory.dmp

Filesize
256KB

Download