Overview

overview

10

Static

static

5

c30b63c938...00.exe

windows7-x64

10

c30b63c938...00.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c30b63c938d5090eb132563774378154a0e97f2470f331e904fc023766dd2700.exe

  • Size

    1.2MB

  • MD5

    9ef77cc57cbe09118edc18409769d299

  • SHA1

    a71ac225e5811bc8a72298cf4f2981d10d7dc730

  • SHA256

    c30b63c938d5090eb132563774378154a0e97f2470f331e904fc023766dd2700

  • SHA512

    c9cb9c026522037d9278afe1fe49f034b323feaa664ff691f8df63045a017f7a56cbca7b6bb35e61e23e1a3a7e56267fa4817ac6e8fb18c6243bffcd06d88cad

  • SSDEEP

    24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8aq7hR42K2BjNT8sjwNX:tTvC/MTQYxsWR7aq7hjDjl6

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Detect packed .NET executables. Mostly AgentTeslaV4. 33 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 33 IoCs
  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 33 IoCs
  • Detects executables referencing Windows vault credential objects. Observed in infostealers 33 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 33 IoCs
  • Detects executables referencing many email and collaboration clients. Observed in information stealers 33 IoCs
  • Detects executables referencing many file transfer clients. Observed in information stealers 33 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c30b63c938d5090eb132563774378154a0e97f2470f331e904fc023766dd2700.exe
    "C:\Users\Admin\AppData\Local\Temp\c30b63c938d5090eb132563774378154a0e97f2470f331e904fc023766dd2700.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\AppData\Local\Temp\c30b63c938d5090eb132563774378154a0e97f2470f331e904fc023766dd2700.exe"
      2⤵
        PID:4080
      • C:\Users\Admin\AppData\Local\Temp\c30b63c938d5090eb132563774378154a0e97f2470f331e904fc023766dd2700.exe
        "C:\Users\Admin\AppData\Local\Temp\c30b63c938d5090eb132563774378154a0e97f2470f331e904fc023766dd2700.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4540
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          "C:\Users\Admin\AppData\Local\Temp\c30b63c938d5090eb132563774378154a0e97f2470f331e904fc023766dd2700.exe"
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3776

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nondefinition
      Filesize

      263KB

      MD5

      67097ecdd30506b77482463e58031d2d

      SHA1

      ec9aeb40d44f77a2aca002a143831a11e8a496a7

      SHA256

      a6ac05d2e6a3bb51568cbd9b17ffdbcb4f741155d3545a0bfc8c88f6ee2a280f

      SHA512

      fbeb1e1fbd5726fa05b650a958609a41f6ecc45ca473b0b55c9b49578d2163b4c6a84e1ece21549b19162d1ce9ae0b43711b379c0f042056c7722e79e1302d5a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\obtenebrate
      Filesize

      29KB

      MD5

      3fc5266a1eed6ce8143dc3b73d50881f

      SHA1

      d3c27e178f3a0fdc36b335ebfd1cb39f21922479

      SHA256

      c9a6bf9dd8cb411fdc607b6b05ed8c893e437e55c53bab6a3eac13c792ebecc5

      SHA512

      33b3253207d7267a51cdb857838caedc5b28b3e01688f1a2f25965cae4bcb6a01b4fb10a8568ad252466ff23fb0c5a0b6c2d724b9e94b773e47bafd4324417b2

      Download Submit

    • memory/2484-10-0x0000000004540000-0x0000000004544000-memory.dmp

      Filesize

      16KB

      Download

    • memory/3776-23-0x0000000000400000-0x0000000000446000-memory.dmp

      Filesize

      280KB

      Download

    • memory/3776-24-0x0000000000400000-0x0000000000446000-memory.dmp

      Filesize

      280KB

      Download

    • memory/3776-26-0x0000000000400000-0x0000000000446000-memory.dmp

      Filesize

      280KB

      Download

    • memory/3776-25-0x0000000000400000-0x0000000000446000-memory.dmp

      Filesize

      280KB

      Download

    • memory/3776-27-0x00000000743FE000-0x00000000743FF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3776-28-0x00000000031E0000-0x0000000003236000-memory.dmp

      Filesize

      344KB

      Download

    • memory/3776-29-0x00000000743F0000-0x0000000074BA0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3776-32-0x00000000743F0000-0x0000000074BA0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3776-31-0x00000000057F0000-0x0000000005844000-memory.dmp

      Filesize

      336KB

      Download

    • memory/3776-30-0x0000000005D80000-0x0000000006324000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3776-62-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-64-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-100-0x00000000743F0000-0x0000000074BA0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3776-92-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-88-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-86-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-84-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-82-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-80-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-76-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-74-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-72-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-70-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-68-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-66-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-60-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-1078-0x00000000743F0000-0x0000000074BA0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3776-58-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-1079-0x00000000059F0000-0x0000000005A56000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3776-56-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-54-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-52-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-50-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-48-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-46-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-42-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-40-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-38-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-34-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-91-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-78-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-44-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-36-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-33-0x00000000057F0000-0x000000000583E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3776-1080-0x0000000006D10000-0x0000000006D60000-memory.dmp

      Filesize

      320KB

      Download

    • memory/3776-1081-0x0000000006E00000-0x0000000006E92000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3776-1082-0x0000000006D90000-0x0000000006D9A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3776-1083-0x0000000000400000-0x0000000000446000-memory.dmp

      Filesize

      280KB

      Download

    • memory/3776-1084-0x00000000743FE000-0x00000000743FF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3776-1085-0x00000000743F0000-0x0000000074BA0000-memory.dmp

      Filesize

      7.7MB

      Download