Overview

overview

10

Static

static

10

0d55d95097...ac.exe

windows7-x64

10

0d55d95097...ac.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-04-2024 01:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d55d9509730eade8dac7811d508b7ab0df6c018e2867b3af69c7c309f9006ac.exe

  • Size

    240KB

  • MD5

    65435ea324a28dcd1b314b1b10c02951

  • SHA1

    497a4463db2b8db7279dafa3ddb2496e01dde04f

  • SHA256

    0d55d9509730eade8dac7811d508b7ab0df6c018e2867b3af69c7c309f9006ac

  • SHA512

    37afe959669d5fb1ccd95704140c7ae5a7323bdfc8325cac3e4b372e936996963ee0f01ddcf7c0b4c06a4edaa89b0d6284774d3a77250647178c8647095b23fe

  • SSDEEP

    3072:6PMVHbnDyj0OC928iyv2Kjhp+2c2FjYrQCBa4XlYflXXEz5RgM7dE4l01:6PMVHbnDygOC92aCQ46fpXEIM7e

Score
10/10
agentteslakeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7109324415:AAEtV_HPY0H5mFN38xCDvDx9wl-kKb9q3qg/

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d55d9509730eade8dac7811d508b7ab0df6c018e2867b3af69c7c309f9006ac.exe
    "C:\Users\Admin\AppData\Local\Temp\0d55d9509730eade8dac7811d508b7ab0df6c018e2867b3af69c7c309f9006ac.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/400-0-0x00000000008B0000-0x00000000008F2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/400-1-0x00000000749C0000-0x0000000075170000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/400-2-0x0000000005860000-0x0000000005E04000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/400-3-0x0000000005400000-0x0000000005410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/400-4-0x0000000005480000-0x00000000054E6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/400-6-0x0000000006970000-0x00000000069C0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/400-7-0x0000000006A60000-0x0000000006AFC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/400-8-0x0000000006CA0000-0x0000000006D32000-memory.dmp

    Filesize

    584KB

    Download

  • memory/400-9-0x0000000006C60000-0x0000000006C6A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/400-10-0x00000000749C0000-0x0000000075170000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/400-11-0x0000000005400000-0x0000000005410000-memory.dmp

    Filesize

    64KB

    Download