Overview

overview

10

Static

static

10

8a57447139...dc.exe

windows7-x64

10

8a57447139...dc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/10/2024, 01:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a57447139ca6a5f563abc8544fda97c1571566e4b4b03f33e4e7bfe9e8bf4dc.exe

  • Size

    3.0MB

  • MD5

    e74b0149b454769207a04bcc3ef2c824

  • SHA1

    aacbd79a6e1cc7e857fea2da0f5c85a4c1346bdd

  • SHA256

    8a57447139ca6a5f563abc8544fda97c1571566e4b4b03f33e4e7bfe9e8bf4dc

  • SHA512

    4a0dca7d470297059220c4f80f8f1f69d3359ebef7803a107901ae022f5d1462600906523ac4d7652d2c803168daf924db3df2a3f4d4e9723da752066c55bf4c

  • SSDEEP

    49152:cRtB1R3yURtB1R3yWRtB1R3yiq9J2EaD2R4jee3erIxq9J2EaDH1A1:cRtB1R3/RtB1R39RtB1R3zrv2oee3erB

Score
10/10
agenttesladiscoverykeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.haliza.com.my
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    JesusChrist007$

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.haliza.com.my
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    JesusChrist007$

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a57447139ca6a5f563abc8544fda97c1571566e4b4b03f33e4e7bfe9e8bf4dc.exe
    "C:\Users\Admin\AppData\Local\Temp\8a57447139ca6a5f563abc8544fda97c1571566e4b4b03f33e4e7bfe9e8bf4dc.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2196-0-0x0000000074F0E000-0x0000000074F0F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2196-1-0x0000000000010000-0x0000000000052000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2196-2-0x00000000050B0000-0x0000000005654000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2196-3-0x0000000004B70000-0x0000000004BD6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2196-4-0x0000000074F00000-0x00000000756B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2196-6-0x0000000006200000-0x0000000006250000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2196-7-0x00000000062F0000-0x000000000638C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2196-8-0x0000000074F0E000-0x0000000074F0F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2196-9-0x0000000006430000-0x00000000064C2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2196-10-0x00000000063E0000-0x00000000063EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2196-11-0x0000000074F00000-0x00000000756B0000-memory.dmp

    Filesize

    7.7MB

    Download