Overview

overview

10

Static

static

3

c556abc2e0...60.exe

windows7-x64

10

c556abc2e0...60.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231130-en
  • resource tags

    arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
  • submitted
    04-12-2023 17:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c556abc2e04d6889cf0a059f9133af60.exe

  • Size

    1008KB

  • MD5

    c556abc2e04d6889cf0a059f9133af60

  • SHA1

    80d768a65c200d34517bdf788e8ae649e4f4addf

  • SHA256

    7313bba3ca9b2518cc049ad47ab159f47675c0199fc812b6bc5a0584616b220a

  • SHA512

    1b766194cf4c7419366f9c05d1ba58ead14413125ce309825d4cd607edb4cb49bee7d4af46397df9d9bf27ea3418d96f642932ef068ea403f89a91b7e29162f7

  • SSDEEP

    24576:p1tk+pJ16fvFeZ81CAH9ddcuq+vHWH32M4L:rZJUf9HH9Euqn32r

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c556abc2e04d6889cf0a059f9133af60.exe
    "C:\Users\Admin\AppData\Local\Temp\c556abc2e04d6889cf0a059f9133af60.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Users\Admin\AppData\Local\Temp\c556abc2e04d6889cf0a059f9133af60.exe
      "C:\Users\Admin\AppData\Local\Temp\c556abc2e04d6889cf0a059f9133af60.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\EMBARGO SALARIAL_MURILLO UMAÑA ANTONIO ROSARIO.pdf"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    a1796055a901c8e4ed00eb206a280d27

    SHA1

    397391ad3561a17e4f967438b97c0f00cc8fa2b8

    SHA256

    9803556f82e7177a146c486a63eabdac9e5c960f2f62196ee7d2e7f84e7a0c1b

    SHA512

    f997e3ebe2912084188525b2b0a5d5ab71db5c3546f39531f8ac97d7da54ae95af0e8d9402dfaf8ade0c5cbbda71bcad2cb20e2899955e298e2381fce04a7c74

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\EMBARGO SALARIAL_MURILLO UMAÑA ANTONIO ROSARIO.pdf
    Filesize

    120KB

    MD5

    5fcdd51c3cd1d44b10275bec6e299ab5

    SHA1

    23f6b41f34950a0d6776b3b593c57474c7440797

    SHA256

    abcd38761579196d1f5fd4efa7c5eebc1f1e32c031775cb5539acef2dfc24bf5

    SHA512

    52c3bc80621716adbd9126d8ab284053bc298ab9c425ba455509851d32ae644eefb0856a33846eebe084d64d37495b479b21e7c26188aab4ed71f0b3a2ab50d6

    Download Submit

  • memory/2032-21-0x0000000074E70000-0x000000007555E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2032-1-0x0000000074E70000-0x000000007555E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2032-5-0x00000000006D0000-0x00000000006DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2032-4-0x0000000000670000-0x0000000000678000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2032-6-0x0000000005360000-0x0000000005406000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2032-0-0x0000000000BD0000-0x0000000000CD2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2032-2-0x0000000000610000-0x0000000000650000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2032-3-0x00000000006B0000-0x00000000006C8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2328-20-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2328-23-0x00000000004B0000-0x00000000004F0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2328-18-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2328-16-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2328-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2328-12-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2328-10-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2328-9-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2328-22-0x0000000074E70000-0x000000007555E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2328-7-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2328-41-0x0000000074E70000-0x000000007555E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2328-43-0x00000000004B0000-0x00000000004F0000-memory.dmp

    Filesize

    256KB

    Download