Overview

overview

10

Static

static

3

MEGA_UPDATED.exe

windows7-x64

10

MEGA_UPDATED.exe

windows10-2004-x64

10

MEGA_UPDATED.exe

macos-10.15-amd64

1

Analysis

  • max time kernel
    27s
  • max time network
    24s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    10-12-2023 13:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MEGA_UPDATED.exe

  • Size

    3.4MB

  • MD5

    7a2175a604e95018790d38067eba2a89

  • SHA1

    e6023118821c117c2db23098e63b5dc50a4ded00

  • SHA256

    4e378a7de4a63a76a966ac25f754337bdf511fb24964dbaac7c03ac73103891b

  • SHA512

    3c91f92721fd937c78c54cedb74ee87356f0fb01a876b035333ad1a8ecfa63143685d8575145da7a9f48ece3fa1e81a751a6f8e2c6a9f26051375853094dfac8

  • SSDEEP

    49152:RwvTHrg5igXalMD79PjYm3DMdQrp5ZVPEJXzR81XiGRuHDOXG:RIHrgt8RQrp5TMZRSSA0j

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MEGA_UPDATED.exe
    "C:\Users\Admin\AppData\Local\Temp\MEGA_UPDATED.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/nerestpc_bot
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    134530147a64664f7e6449d9dfe0f3f3

    SHA1

    a6452acd19905ff98e5052f07db79dc737465a30

    SHA256

    0dc894f217dca709d041195f656367c9714b9ae64b7cbffba08761d3ce8494f8

    SHA512

    0b9022c8241ff167049ce756b9003ab6abe0f409ecabc6e3305ab343bc5f80cd0d39cd84da574392e4a6a9f67447784d610ef2b6599a69b4b349d755a1026e10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    341c3c85bd2342165711c9c821799c67

    SHA1

    4b4eb83976e648113e69c753c6d7afb4677f45e2

    SHA256

    704137f13dc6444c9ebd453f77130b44b4c5b6931da0da0741d50ce1a77266f1

    SHA512

    9408d9e8c368f45ba44de4e51f22394c9e0c70f845005e694f36b008bc06aa25e48cfcbd81855e12514e313a3b059dc8b4d270e8b3fb85a1c6a4a48d1f4025e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7b84113b93d5b38ac70eebb5da5f643

    SHA1

    8cbbba64b8610583a4200c9c6970f6f6fe66c15a

    SHA256

    64b56e226aa48dbc11a247ce479371c177fb0c29e005655f08319d60be2746b3

    SHA512

    7e8148183a3e2f0e91802094ffa47c67f5116ab09e29e16a68abb2c4859dda384d13d37fe5e81eb91d659c05ee9e1f2b27904531de24906b08a9d98c0bcd0b9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f4713176125bf26b8949adb488968231

    SHA1

    326fc2adb56957a320e9dcb75e4b9d627afee0a8

    SHA256

    92c8203b24d49609ee725ab28d272ffcc4fb313847702acda2e77b17986a357d

    SHA512

    987690c41a7ebccdbdc9d6359594a444abb9d01cd2222a2be0c75517e19ef199679758055e23364ed4c5207712e7935b92525fee5e04b4d49b411a430f52ac67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6153cd43c8649747032f01b915f7fbe9

    SHA1

    6f900a24a8c6229b3206853275a4a9a2ae809d98

    SHA256

    e12c47e98f1bb9c1d8e6039a8ee3eb7f695a03172a34ec19b64bb6ff590279ea

    SHA512

    0b5f64258f7cd044255f7ceda981e10b24eb919785ae2293b51fcf29f09ca3249627ab51fe102e0e99397dd2a48ba65cf6bcc90c2a0b5c9438f9fa4739c9b31d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e4691bc5973edb11eb2914108ed53ab

    SHA1

    12564b4e4ee6f6d0f95a43133ae20771394b0205

    SHA256

    b0bb8d20a7c8a36e05142fc6123316591dee7335d46cfe1ebd192f7775d92115

    SHA512

    fe02e1ba380d264dd2611405fca178703669bcf27e959560a34ed42071fc30ee02cd28299214573ce3a1432c36c7a3729e0a3fbbb8ad9beb20e3f35d2ee3da8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ceac2e14207703e26e6a72f6fe304f25

    SHA1

    24cffc2bdfb003fa836c3fdcef38c476ba598c19

    SHA256

    989aaa0c02e32288543cdd5f7f27bc333a3b2c76896735f8382e360d7594fe6f

    SHA512

    a787cd69dfdb7f486c84d9658a8e9d280428e8e5782b7ed39a6285562603f337cd6ef887834d6997d8adf3a0c1846152052fc78fa8215cedcb815b1fc7b117b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f73e17f794ae295dac87962fc27d9ef

    SHA1

    2a657ea762a7e445248f13f4c5f21ff405512a51

    SHA256

    6e93772a8b7738ced52bc16b95de4af87c2652d61a0df7e04bd0d4b07c4802e3

    SHA512

    570cd18aa62d6933decd667ec7ac9053d1f782cde5de25c8787e17f754dd68f281a22abb9dbe1dae07934565f5421bfae655409b3b53db63fbde53cd5479c605

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    798f00f7ac49f6475e6a5ec92dbb825f

    SHA1

    5220cdeb0c1bdcfa1fde47c52c95f4de63aa7440

    SHA256

    cf7f134613f567b072396aae2b52544c51a257c4c4b90072558bbae28ff05169

    SHA512

    2f6ee4d6eb1fd15226f11b6552259aa1f09a47c1c8e3baaba911ef419df882d776855675c0686bf3f4cdcd8e7deef6dc658414803bc5e1f76fb0b9816a62e560

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8604.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8705.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1456-12-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1456-3-0x00000000005C0000-0x00000000005C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1456-1-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1456-0-0x0000000001060000-0x00000000013C2000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1456-2-0x000000001B740000-0x000000001B7C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1456-7-0x000000001B740000-0x000000001B7C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1456-6-0x000000001B740000-0x000000001B7C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1456-5-0x000000001CC20000-0x000000001CE36000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1456-4-0x000000001C1C0000-0x000000001C2A0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/1456-377-0x000000001B740000-0x000000001B7C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1456-496-0x000000001B740000-0x000000001B7C0000-memory.dmp

    Filesize

    512KB

    Download