Overview

overview

10

Static

static

10

Crystal Te...ed.exe

windows10-2004-x64

10

Crystal Te...I2.dll

windows10-2004-x64

1

Crystal Te...v3.exe

windows10-2004-x64

10

Crystal Te...ed.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1388s
  • max time network
    1178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-03-2024 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Crystal Temp+ Perm/aremi v3_protected.exe

  • Size

    1.6MB

  • MD5

    1b49c25d797f1a978d11c8334d693995

  • SHA1

    16f8272975123b5f2e1af72c038a30737823c3e1

  • SHA256

    7ab837a255697285865c093d5c6fe44f36e0cf72febaabbdc97634fdae0a4f69

  • SHA512

    0f28f88380dc1bccdad371dd1f19927706fad760c6c5a2f3a6b4072fb772234533148f3d990c42d13c1f683536f1b1974b7c8412d5158643af07cb1a9c5a3ebf

  • SSDEEP

    24576:X41t5iCct5iCD+Mvpt5iCct5iCc+Mvr+Mvpt5iCct5iCg:IgWMvLgdMv6MvLg

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Crystal Temp+ Perm\aremi v3_protected.exe
    "C:\Users\Admin\AppData\Local\Temp\Crystal Temp+ Perm\aremi v3_protected.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:768

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/768-0-0x00000000003D0000-0x000000000056E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/768-1-0x0000000074930000-0x00000000750E0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/768-2-0x00000000054D0000-0x0000000005A74000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/768-3-0x0000000004F20000-0x0000000004FB2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/768-4-0x0000000005080000-0x0000000005090000-memory.dmp
    Filesize

    64KB

    Download
  • memory/768-5-0x0000000004FD0000-0x0000000004FDA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/768-6-0x0000000005A80000-0x0000000005C94000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/768-7-0x0000000005080000-0x0000000005090000-memory.dmp
    Filesize

    64KB

    Download
  • memory/768-8-0x00000000066E0000-0x00000000066F2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/768-9-0x0000000008D60000-0x0000000008D9C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/768-10-0x0000000074930000-0x00000000750E0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/768-11-0x0000000005080000-0x0000000005090000-memory.dmp
    Filesize

    64KB

    Download
  • memory/768-12-0x0000000005080000-0x0000000005090000-memory.dmp
    Filesize

    64KB

    Download