Analysis
-
max time kernel
141s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231130-en -
resource tags
arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system -
submitted
08-12-2023 19:06
Behavioral task
behavioral1
Sample
Release/Guna.UI2.dll
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
Release/Guna.UI2.dll
Resource
win10v2004-20231201-en
Behavioral task
behavioral3
Sample
Release/Horizonxd.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
Release/Horizonxd.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral5
Sample
Release/Newtonsoft.Json.dll
Resource
win7-20231130-en
Behavioral task
behavioral6
Sample
Release/Newtonsoft.Json.dll
Resource
win10v2004-20231130-en
General
-
Target
Release/Horizonxd.exe
-
Size
575KB
-
MD5
9b74486fc963011686c58a3e21637eb3
-
SHA1
b2cecec623fa16b16e51b3e2e9c871a98f4312c8
-
SHA256
5f17fc09f2950e777dc13b75f0b0f99e2634fb007dd6ad1c2643117a22e725e9
-
SHA512
d2fc3ad1b673abb077ab5bb893c40192a621862f2c8c0ba83ad7c48b465c4e03ce27df4a2623d5b542205281a005dc81ffa7f2f6ff24f5bd22dbfc3cd3f3fa2d
-
SSDEEP
6144:cdRJK8+Q7DIWETOIqaNIWBsbGJyJhGn6M5dfUys59EzQKun+9Rf9XY6+fznAH/M8:c+MDiSuB+ncts59Yxu+7VfI7rJEAnBW
Malware Config
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload 1 IoCs
resource yara_rule behavioral4/memory/1232-7-0x00000000065B0000-0x00000000067C4000-memory.dmp family_agenttesla -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS Horizonxd.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer Horizonxd.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion Horizonxd.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1232 Horizonxd.exe