Analysis
max time kernel: 114s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-06-2024 16:15
Behavioral task
behavioral1
Sample
SploitXE Release/SploitXE.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
SploitXE Release/SploitXE.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
SploitXE Release/setup.exe
Resource
win7-20240220-en
General
Target: SploitXE Release/SploitXE.exe
Size: 59KB
MD5: 8f53627c43fe6a510a9fc17a7a50c348
SHA1: 813323918300c83c8878a043db0631b1d156f07a
SHA256: f8fd35f40cf45e0332813d5ac555663c6d041256120d6e0fd0300d7b677379e1
SHA512: f4e0f4e3cf8833b9caab846e16558b882905d2cf5d0f037aa15cbe818f33052236780aea4c5e84eafc61333e63decfe64c694f1536117d39001a2e39f8f58c11
SSDEEP: 768:QUNFDR8oN3NmUqVLVbXrhsPWHrdRpfO4HjCMLpPd0:lR8oN3c3O0rdRpfO4DpLdd0
Malware Config
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload 1 IoCs
Processes:
resource: behavioral2/memory/4788-6-0x0000000005780000-0x0000000005994000-memory.dmp
yara_rule: family_agenttesla
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: SploitXE.exe
description        ioc                                                                   process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    SploitXE.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer SploitXE.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion      SploitXE.exe