Overview

overview

10

Static

static

10

2efa16e2e7...f1.exe

windows7-x64

10

2efa16e2e7...f1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2efa16e2e7913986b4ca67b6767d826f2c7e30c8fe44fbb9d7ea6bceb1e2b4f1.exe

  • Size

    234KB

  • MD5

    877864295502ccc157e0eb2c266cb405

  • SHA1

    738d21dc6fdbb0d72ff82fad81c51428f349d48e

  • SHA256

    2efa16e2e7913986b4ca67b6767d826f2c7e30c8fe44fbb9d7ea6bceb1e2b4f1

  • SHA512

    47297f211a73a4c51f748572162348abd5592f2ecb001247195f060746c010435b42dedbca74170066b52e0fc676916969ca2c81204871ef55c2b44dba7decd3

  • SSDEEP

    3072:DIoTymiLR5DsfcYl0b1sENqGK5qz/ji1So:DIoTymiLR5Dsf5ebmENqGXio

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.aerosolesyservicios.com.ar
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ven2019

Extracted

Family

agenttesla

Credentials

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2efa16e2e7913986b4ca67b6767d826f2c7e30c8fe44fbb9d7ea6bceb1e2b4f1.exe
    "C:\Users\Admin\AppData\Local\Temp\2efa16e2e7913986b4ca67b6767d826f2c7e30c8fe44fbb9d7ea6bceb1e2b4f1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1772-0-0x00000000004A0000-0x00000000004E0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1772-1-0x0000000074870000-0x0000000075020000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1772-2-0x0000000005530000-0x0000000005AD4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1772-3-0x0000000004F70000-0x0000000004F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1772-4-0x0000000004FF0000-0x0000000005056000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1772-5-0x0000000005E00000-0x0000000005E50000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1772-6-0x0000000005EF0000-0x0000000005F8C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1772-7-0x0000000006370000-0x0000000006402000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1772-8-0x0000000006320000-0x000000000632A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1772-9-0x0000000074870000-0x0000000075020000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1772-10-0x0000000004F70000-0x0000000004F80000-memory.dmp

    Filesize

    64KB

    Download