Overview

overview

10

Static

static

10

Samples 1/...cd.exe

windows7-x64

10

Samples 1/...cd.exe

windows10-2004-x64

10

Samples 1/...9f.exe

windows7-x64

10

Samples 1/...9f.exe

windows10-2004-x64

7

Samples 1/...95.exe

windows7-x64

10

Samples 1/...95.exe

windows10-2004-x64

5

Samples 1/...d2.exe

windows7-x64

10

Samples 1/...d2.exe

windows10-2004-x64

10

Samples 1/...6c.exe

windows7-x64

10

Samples 1/...6c.exe

windows10-2004-x64

10

Samples 1/...e8.exe

windows7-x64

10

Samples 1/...e8.exe

windows10-2004-x64

10

Samples 1/...4f.exe

windows7-x64

10

Samples 1/...4f.exe

windows10-2004-x64

10

Samples 1/...0a.exe

windows7-x64

7

Samples 1/...0a.exe

windows10-2004-x64

7

Samples 1/...a5.exe

windows7-x64

10

Samples 1/...a5.exe

windows10-2004-x64

10

Samples 1/...f4.exe

windows7-x64

10

Samples 1/...f4.exe

windows10-2004-x64

10

Samples 1/...c3.exe

windows7-x64

7

Samples 1/...c3.exe

windows10-2004-x64

7

Samples 1/...c7.exe

windows7-x64

10

Samples 1/...c7.exe

windows10-2004-x64

10

Samples 1/...26.exe

windows7-x64

10

Samples 1/...26.exe

windows10-2004-x64

10

Samples 1/...3a.exe

windows7-x64

1

Samples 1/...3a.exe

windows10-2004-x64

1

Samples 1/...91.exe

windows7-x64

10

Samples 1/...91.exe

windows10-2004-x64

10

Samples 2/...c4.exe

windows7-x64

10

Samples 2/...c4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07-01-2024 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Samples 1/1d21da7ca3f1105e0fba4c64281c4199a1d2788bf2fd5ed975529e7a7ea6d695.exe

  • Size

    762KB

  • MD5

    3e9a543b85c85a0b808902b0b6cef9b2

  • SHA1

    29d589b838b4e1a5e54a6bfe52da0d5859609865

  • SHA256

    1d21da7ca3f1105e0fba4c64281c4199a1d2788bf2fd5ed975529e7a7ea6d695

  • SHA512

    f212b3a2f4c25701df3f41be93c13cf9a6a84e1affd4e8b0f7b9fb5bc0689a1b3a1c55052c99fca314f540199997a8c265f9f447fe8b013a085a199a7fffb3c6

  • SSDEEP

    12288:aHW7TohIU2CoLBPdV+GLBOeUjYb9qUp5jlnRLm5bvL2z4is:a27SELNdYGL8eUjYbMUp5RnRLm5LLw4

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6857395601:AAEr0Ki03_UqNs4qlOxRNOhnjU8odyo6de4/

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Samples 1\1d21da7ca3f1105e0fba4c64281c4199a1d2788bf2fd5ed975529e7a7ea6d695.exe
    "C:\Users\Admin\AppData\Local\Temp\Samples 1\1d21da7ca3f1105e0fba4c64281c4199a1d2788bf2fd5ed975529e7a7ea6d695.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Users\Admin\AppData\Local\Temp\Samples 1\1d21da7ca3f1105e0fba4c64281c4199a1d2788bf2fd5ed975529e7a7ea6d695.exe
      "C:\Users\Admin\AppData\Local\Temp\Samples 1\1d21da7ca3f1105e0fba4c64281c4199a1d2788bf2fd5ed975529e7a7ea6d695.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2832

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1740-18-0x0000000074370000-0x0000000074A5E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1740-0-0x0000000000ED0000-0x0000000000F94000-memory.dmp
    Filesize

    784KB

    Download
  • memory/1740-2-0x0000000004A00000-0x0000000004A40000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1740-3-0x0000000000580000-0x000000000058E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1740-4-0x00000000005C0000-0x00000000005CA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1740-5-0x0000000005870000-0x0000000005906000-memory.dmp
    Filesize

    600KB

    Download
  • memory/1740-1-0x0000000074370000-0x0000000074A5E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2832-17-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2832-19-0x0000000074370000-0x0000000074A5E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2832-15-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2832-13-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2832-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2832-10-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2832-9-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2832-8-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2832-6-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2832-20-0x0000000074370000-0x0000000074A5E000-memory.dmp
    Filesize

    6.9MB

    Download