Overview

overview

10

Static

static

5

2.exe

windows7-x64

10

2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 09:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2.exe

  • Size

    1.1MB

  • MD5

    63b2c81131687e687e3e7f1c0deb12c8

  • SHA1

    2465347106a89ada6ede41f6ee6f89f3979621a0

  • SHA256

    a609b506672dd6a2da8bd25c0ae4d21688c2ed48c1c205366e6a8c3a323e6671

  • SHA512

    20765196191da86142c415f54f948ab9ec84b2e24d991e81a185d6d5cc3ba77ed6ffa6655e8e927cac73d9ce30b55b1e21565701dbeec91a64fbd9f553cbc3e1

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHal2gcNWtf8QL4vd5:gh+ZkldoPK8Yal2pWtf7L4/

Score
10/10
agentteslazgratkeyloggerratspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Detect ZGRat V1 33 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2.exe
    "C:\Users\Admin\AppData\Local\Temp\2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\AppData\Local\Temp\2.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aut467F.tmp
    Filesize

    263KB

    MD5

    c106896e1636bcad0a7db38ca474c7d6

    SHA1

    e24ad475fdcc6149e2c38c20207d95cf436ab5c9

    SHA256

    cce9e3ef477a8fb34f2e0c0e8d364575e2258850acd5820895ee4ab9b889e1e6

    SHA512

    5f36a2d7a057663d1aa6e52b8c1e7ee1a7978e5f2a93c2f1df93488cd7afafccfbbebd4138952c7b0ce39426d9bb12f0218aedd66479b3e2e280f939404f61d5

    Download Submit

  • memory/2652-12-0x0000000000E50000-0x0000000000E54000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4012-13-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4012-15-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4012-14-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4012-16-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4012-17-0x000000007470E000-0x000000007470F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4012-18-0x0000000002FE0000-0x0000000003036000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4012-19-0x0000000074700000-0x0000000074EB0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4012-20-0x0000000005C00000-0x00000000061A4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4012-21-0x00000000055F0000-0x0000000005644000-memory.dmp

    Filesize

    336KB

    Download

  • memory/4012-43-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-51-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-112-0x0000000074700000-0x0000000074EB0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4012-81-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-413-0x0000000074700000-0x0000000074EB0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4012-79-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-78-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-75-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-73-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-71-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-69-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-67-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-65-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-63-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-61-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-59-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-57-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-55-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-53-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-49-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-47-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-45-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-41-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-39-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-37-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-35-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-33-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-31-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-29-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-27-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-25-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-23-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-22-0x00000000055F0000-0x000000000563E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4012-1068-0x0000000005800000-0x0000000005866000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4012-1069-0x0000000074700000-0x0000000074EB0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4012-1070-0x0000000006B50000-0x0000000006BA0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4012-1071-0x0000000006C40000-0x0000000006CD2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4012-1072-0x0000000006BA0000-0x0000000006BAA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4012-1073-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4012-1074-0x000000007470E000-0x000000007470F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4012-1075-0x0000000074700000-0x0000000074EB0000-memory.dmp

    Filesize

    7.7MB

    Download