Overview

overview

10

Static

static

10

Guna.UI2.dll

windows11-21h2-x64

1

Launcher.exe

windows11-21h2-x64

10

addons/clean.exe

windows11-21h2-x64

1

addons/x64.exe

windows11-21h2-x64

4

Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231129-en
  • resource tags

    arch:x64arch:x86image:win11-20231129-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-12-2023 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Launcher.exe

  • Size

    216KB

  • MD5

    b431834edf99021cf97d0a5be32e74db

  • SHA1

    0f10206595d7f6b52e73f6c969ec4e9d5e0b0c5d

  • SHA256

    be7772f9ec74c9538e68a796a1ac783b6691a3c500d12a0beb04eeffc3525931

  • SHA512

    56ea7de05c9eb8437dffc6dd1e6951feb10a3cc95207a90824e7d3be5a7b4113a387f77aa64a65524dabefc3d3a8a02d2ca73d958d8daa211013a690c1b4a106

  • SSDEEP

    3072:IIym4PU5dNLJ9bW4qgjwZcCzS77A1HdG/N3XIfduIr9wkgYqMgRvrNWYJPPP1H4U:IExCcC2XIcuRqdfh7sGNEaAa4QXgP

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
    1⤵
    • Enumerates system info in registry
    PID:800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/800-1-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/800-0-0x0000000000E50000-0x0000000000E8C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/800-3-0x0000000005960000-0x00000000059F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/800-2-0x0000000005F10000-0x00000000064B6000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/800-4-0x0000000005B90000-0x0000000005BA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/800-5-0x0000000005930000-0x000000000593A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/800-6-0x00000000066E0000-0x00000000068F4000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/800-7-0x0000000005B90000-0x0000000005BA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/800-8-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/800-9-0x0000000005B90000-0x0000000005BA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/800-10-0x0000000005B90000-0x0000000005BA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/800-12-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download