Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-09-2024 07:58
Behavioral task: behavioral1
Sample: Bunifu.UI.WinForms.dll
Resource: win10v2004-20240802-en

Behavioral task: behavioral2
Sample: Guna.UI2.dll
Resource: win10v2004-20240802-en
General
Target: Lucky.exe
Size: 73KB
MD5: 6060c973b6b54b2056b923321fd38863
SHA1: 87e4e3d5809d484004801c385172917edca5f4bf
SHA256: be05a8041e8d77bb4f791b3c1aa0fe4522fa7aeff07516025bbce0c4e5b129cb
SHA512: 76486f0a76a9943f2ac3260f011319388659371c43599933f766c050c82f8ce2329d629067390a1b928ced96ef23605962d23f65a0354583b2a87d72b33b7750
SSDEEP: 1536:aRQT4CM+vza9t1LuqlbeK2Iu3wNsS8W/1WDkB8l/qfyO:eQsDSO9fLucbeK2ISwSHy1WDkBSgyO
Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla payload 1 IoCs
resource                                                                   yara_rule
behavioral3/memory/1376-7-0x0000000005A50000-0x0000000005C64000-memory.dmp  family_agenttesla
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                          Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Lucky.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description         ioc                                                               Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                Lucky.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  Lucky.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion  Lucky.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description               pid   Process
Token: SeDebugPrivilege   1376  Lucky.exe