Overview

overview

10

Static

static

3

723bccfa9d...39.exe

windows7-x64

10

723bccfa9d...39.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-12-2023 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    723bccfa9d5be24b8a064f547cf1c039.exe

  • Size

    622KB

  • MD5

    723bccfa9d5be24b8a064f547cf1c039

  • SHA1

    87242ddbce39c582b1b38c5965b10ccc9c9551d4

  • SHA256

    5dbac89a6802a5144699a6e8a4ba1b2016857f03b0e01b6680af7f223f34f22c

  • SHA512

    6353ac01e91505983a58d1aeaeae578ff9c20511143520fdbc705ce52ce7b2c30935d5de6da8ef88ab2cb0852534a7ae0414e9aa965a1efe3238758ddd9ecd0f

  • SSDEEP

    12288:Z3IU8S6eUd4a1hZEcIAnQe/bV60036B6hG6d1XzE/J6LaYx43Qxu:RItSAdlhjxnQe/R600KCG67X+Shxu

Score
10/10
agentteslazgratkeyloggerratspywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#

Extracted

Family

agenttesla

Credentials

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\723bccfa9d5be24b8a064f547cf1c039.exe
    "C:\Users\Admin\AppData\Local\Temp\723bccfa9d5be24b8a064f547cf1c039.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Users\Admin\AppData\Local\Temp\723bccfa9d5be24b8a064f547cf1c039.exe
      "C:\Users\Admin\AppData\Local\Temp\723bccfa9d5be24b8a064f547cf1c039.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1236-12-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1236-20-0x00000000053C0000-0x00000000053D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1236-19-0x0000000074D40000-0x00000000754F0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1236-18-0x0000000006160000-0x00000000061B0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1236-17-0x00000000054D0000-0x0000000005536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1236-16-0x00000000053C0000-0x00000000053D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1236-14-0x0000000074D40000-0x00000000754F0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2012-5-0x00000000057D0000-0x00000000057DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2012-8-0x0000000006BB0000-0x0000000006BBA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2012-9-0x0000000009290000-0x000000000930E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2012-10-0x0000000006DC0000-0x0000000006E5C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2012-11-0x0000000074D40000-0x00000000754F0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2012-7-0x0000000005D90000-0x0000000005D98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2012-6-0x00000000059B0000-0x00000000059C8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2012-15-0x0000000074D40000-0x00000000754F0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2012-0-0x0000000074D40000-0x00000000754F0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2012-4-0x00000000058B0000-0x00000000058C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2012-3-0x0000000005710000-0x00000000057A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2012-2-0x0000000005DA0000-0x0000000006344000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2012-1-0x0000000000C90000-0x0000000000D32000-memory.dmp

    Filesize

    648KB

    Download