Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231201-en -
resource tags
-
submitted
07-12-2023 02:35
General
-
Target
image.exe
-
Size
693KB
-
MD5
1b6a6d8b30c72cd3f29bb771473513eb
-
SHA1
2dea7685282c31774c0bf7e73134a9896a8ae3f8
-
SHA256
12b0b70b17d9fcd3f745e15f4a26c9dbd9a56bb9de6ffca349c7e9a0b5cae723
-
SHA512
521d8b98ea91dcbaac13f65dc10c53399d90898da1393c074e152d3cda234c686b1b7abf30e81852c446c16d1bd1e2e0c2a1fab43db915efd9abc907a0f07812
-
SSDEEP
12288:jaueH5qrBVCNI/IfW7Rvja9UZc98TLVW17CfQNOWr+3R:Sq1VCNI/E0jaSo8VW9IWr+
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sg3plcpnl0195.prod.sin3.secureserver.net - Port:
587 - Username:
[email protected] - Password:
V#[email protected]&Qo! - Email To:
[email protected]
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\image.exe"C:\Users\Admin\AppData\Local\Temp\image.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\image.exe"C:\Users\Admin\AppData\Local\Temp\image.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
720KB
-
Filesize
104KB
-
Filesize
32KB
-
Filesize
40KB
-
Filesize
488KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
4KB
-
Filesize
256KB
-
Filesize
6.9MB
-
Filesize
256KB