Analysis

  • max time kernel
    144s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2024, 10:36

General

  • Target
    Debug/WindowsFormsApp3.exe
  • Size
    60KB
  • MD5
    908af5f82388e8676a159ce783abb032
  • SHA1
    51741644cf5de4d122c6162628c9e227e9cf0442
  • SHA256
    d16f4a167c92bc48db3a7e1f7064893a3b4705b434c688045268c918b41bebb4
  • SHA512
    9cca21329f07dfab73668faef9baa6f314730a8ca42f9ed9857817f9b2e8a81aa1c2036b1e09fbd2848c75d5429c828ad045df38a1c73493bff0ca25521d6235
  • SSDEEP
    1536:lJj3sOrUo1A89+01bo8N92+tkT6EgkykCWxsCOCQGJ57gFOGRO538:lJjcOrUo1A8T1bo8HtkT6EgkaGJb0O5M

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla payload 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Debug\WindowsFormsApp3.exe
    "C:\Users\Admin\AppData\Local\Temp\Debug\WindowsFormsApp3.exe"
    • Enumerates system info in registry
    PID: 2480

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2480-0-0x0000000074E2E000-0x0000000074E2F000-memory.dmp (Filesize: 4KB)
  • memory/2480-1-0x0000000000F60000-0x0000000000F76000-memory.dmp (Filesize: 88KB)
  • memory/2480-2-0x0000000005EA0000-0x0000000006444000-memory.dmp (Filesize: 5.6MB)
  • memory/2480-3-0x0000000005990000-0x0000000005A22000-memory.dmp (Filesize: 584KB)
  • memory/2480-5-0x0000000005940000-0x000000000594A000-memory.dmp (Filesize: 40KB)
  • memory/2480-4-0x0000000074E20000-0x00000000755D0000-memory.dmp (Filesize: 7.7MB)
  • memory/2480-6-0x0000000006450000-0x0000000006664000-memory.dmp (Filesize: 2.1MB)
  • memory/2480-7-0x0000000074E20000-0x00000000755D0000-memory.dmp (Filesize: 7.7MB)
  • memory/2480-8-0x0000000074E2E000-0x0000000074E2F000-memory.dmp (Filesize: 4KB)
  • memory/2480-9-0x0000000074E20000-0x00000000755D0000-memory.dmp (Filesize: 7.7MB)
  • memory/2480-10-0x0000000074E20000-0x00000000755D0000-memory.dmp (Filesize: 7.7MB)