Overview

overview

10

Static

static

10

Release/Guna.UI2.dll

windows7-x64

1

Release/Guna.UI2.dll

windows10-2004-x64

1

Release/Horizonxd.exe

windows7-x64

10

Release/Horizonxd.exe

windows10-2004-x64

10

Release/Ne...on.dll

windows7-x64

1

Release/Ne...on.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-12-2023 19:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Release/Horizonxd.exe

  • Size

    575KB

  • MD5

    9b74486fc963011686c58a3e21637eb3

  • SHA1

    b2cecec623fa16b16e51b3e2e9c871a98f4312c8

  • SHA256

    5f17fc09f2950e777dc13b75f0b0f99e2634fb007dd6ad1c2643117a22e725e9

  • SHA512

    d2fc3ad1b673abb077ab5bb893c40192a621862f2c8c0ba83ad7c48b465c4e03ce27df4a2623d5b542205281a005dc81ffa7f2f6ff24f5bd22dbfc3cd3f3fa2d

  • SSDEEP

    6144:cdRJK8+Q7DIWETOIqaNIWBsbGJyJhGn6M5dfUys59EzQKun+9Rf9XY6+fznAH/M8:c+MDiSuB+ncts59Yxu+7VfI7rJEAnBW

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Release\Horizonxd.exe
    "C:\Users\Admin\AppData\Local\Temp\Release\Horizonxd.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1232-0-0x0000000000300000-0x0000000000396000-memory.dmp

    Filesize

    600KB

    Download

  • memory/1232-1-0x0000000074470000-0x0000000074C20000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1232-2-0x0000000004E50000-0x0000000004E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1232-3-0x00000000027B0000-0x00000000027B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1232-4-0x0000000005430000-0x00000000059D4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1232-5-0x0000000004E80000-0x0000000004F12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1232-6-0x0000000006340000-0x000000000634A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1232-7-0x00000000065B0000-0x00000000067C4000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1232-9-0x0000000004E50000-0x0000000004E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1232-8-0x0000000008ED0000-0x0000000008F10000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1232-10-0x0000000074470000-0x0000000074C20000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1232-11-0x0000000004E50000-0x0000000004E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1232-12-0x0000000004E50000-0x0000000004E60000-memory.dmp

    Filesize

    64KB

    Download