Analysis

  • max time kernel
    92s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-09-2024 08:45

General

  • Target

    Leave.exe

  • Size

    21KB

  • MD5

    4f59c58bd4b78bc6b9b9c1cd1a5c84e4

  • SHA1

    9a04d93617c649bb19675c6141a78ac48d7306f1

  • SHA256

    63cbae517cdc43468f73c362dca6bd1d50cd5fefa4e317ed82fc464f7653f5bc

  • SHA512

    21f38d5b4c126690f0bd6331b8b9bde340666f8b6c368a6775c59ba1567df754ef1928002d897a09ebded3bf03af8003ab538d7ba8360c296d30bbd2d4553f17

  • SSDEEP

    384:59mO1MqaL3mFi/P5xsZyZbSJ0ULAgSXNp3G7LU7002hv+N0VL3LKLrbKHVt0vwOs:eX91AUr2m0pbWnKHcy2li1r5

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla payload 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Leave.exe
    "C:\Users\Admin\AppData\Local\Temp\Leave.exe"
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    PID:3500

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3500-0-0x00000000746AE000-0x00000000746AF000-memory.dmp

    Filesize

    4KB

  • memory/3500-1-0x0000000000050000-0x000000000005C000-memory.dmp

    Filesize

    48KB

  • memory/3500-2-0x0000000004F30000-0x00000000054D4000-memory.dmp

    Filesize

    5.6MB

  • memory/3500-3-0x0000000004A60000-0x0000000004AF2000-memory.dmp

    Filesize

    584KB

  • memory/3500-4-0x0000000004B00000-0x0000000004B0A000-memory.dmp

    Filesize

    40KB

  • memory/3500-5-0x0000000004CC0000-0x0000000004D16000-memory.dmp

    Filesize

    344KB

  • memory/3500-6-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

  • memory/3500-7-0x0000000005840000-0x0000000005A52000-memory.dmp

    Filesize

    2.1MB

  • memory/3500-8-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

  • memory/3500-9-0x00000000746AE000-0x00000000746AF000-memory.dmp

    Filesize

    4KB

  • memory/3500-10-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB