Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18-06-2024 16:19
Behavioral task: behavioral1
Sample: SploitXE BEta/SploitXE.exe
Resource: win7-20240221-en
5 signatures, 150 seconds

Behavioral task: behavioral2
Sample: SploitXE BEta/SploitXE.exe
Resource: win10v2004-20240611-en
3 signatures, 150 seconds
General
Target: SploitXE BEta/SploitXE.exe
Size: 59KB
MD5: 8f53627c43fe6a510a9fc17a7a50c348
SHA1: 813323918300c83c8878a043db0631b1d156f07a
SHA256: f8fd35f40cf45e0332813d5ac555663c6d041256120d6e0fd0300d7b677379e1
SHA512: f4e0f4e3cf8833b9caab846e16558b882905d2cf5d0f037aa15cbe818f33052236780aea4c5e84eafc61333e63decfe64c694f1536117d39001a2e39f8f58c11
SSDEEP: 768:QUNFDR8oN3NmUqVLVbXrhsPWHrdRpfO4HjCMLpPd0:lR8oN3c3O0rdRpfO4DpLdd0
Score: 10/10
Malware Config
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla payload (1 IoC)
Processes:
  resource                                                                     yara_rule
  behavioral1/memory/2000-2-0x0000000004F60000-0x0000000005174000-memory.dmp   family_agenttesla

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  description         ioc                                                                   process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    SploitXE.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer SploitXE.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion      SploitXE.exe

Suspicious behavior: EnumeratesProcesses (1 IoC)
Processes:
  pid    process
  2000   SploitXE.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description               pid    process
  Token: SeDebugPrivilege   2000   SploitXE.exe
Processes

C:\Users\Admin\AppData\Local\Temp\SploitXE BEta\SploitXE.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\SploitXE BEta\SploitXE.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID: 2000

C:\Windows\explorer.exe
  command line: "C:\Windows\explorer.exe"
  PID: 2228