Overview

overview

10

Static

static

10

agentesla/...2b.exe

windows7-x64

3

agentesla/...2b.exe

windows10-2004-x64

3

agentesla/...f8.exe

windows7-x64

3

agentesla/...f8.exe

windows10-2004-x64

3

agentesla/...c3.exe

windows7-x64

10

agentesla/...c3.exe

windows10-2004-x64

10

agentesla/...71.exe

windows7-x64

10

agentesla/...71.exe

windows10-2004-x64

10

agentesla/...1c.exe

windows7-x64

3

agentesla/...1c.exe

windows10-2004-x64

3

agentesla/...1e.exe

windows7-x64

3

agentesla/...1e.exe

windows10-2004-x64

3

agentesla/...f5.exe

windows7-x64

3

agentesla/...f5.exe

windows10-2004-x64

3

agentesla/...3d.exe

windows7-x64

3

agentesla/...3d.exe

windows10-2004-x64

8

agentesla/...e2.exe

windows7-x64

10

agentesla/...e2.exe

windows10-2004-x64

10

agentesla/...f7.exe

windows7-x64

10

agentesla/...f7.exe

windows10-2004-x64

10

agentesla/...ce.exe

windows7-x64

3

agentesla/...ce.exe

windows10-2004-x64

3

agentesla/...34.exe

windows7-x64

10

agentesla/...34.exe

windows10-2004-x64

10

agentesla/...1c.exe

windows7-x64

3

agentesla/...1c.exe

windows10-2004-x64

3

agentesla/...9f.exe

windows7-x64

3

agentesla/...9f.exe

windows10-2004-x64

3

agentesla/...ad.exe

windows7-x64

3

agentesla/...ad.exe

windows10-2004-x64

3

agentesla/...d1.exe

windows7-x64

3

agentesla/...d1.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23/10/2024, 15:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    agentesla/0a9e668b23fdd273acb8ac8096e435e09f581d67203cf2475ef6f90e6b0965e2.exe

  • Size

    237KB

  • MD5

    4f9ade14f96d7c93f918682e5edb11fe

  • SHA1

    6955a5974802c075aacefd6836e73cd1b68a02e4

  • SHA256

    0a9e668b23fdd273acb8ac8096e435e09f581d67203cf2475ef6f90e6b0965e2

  • SHA512

    9729c9a162815f923f902f8edbd270d6b9e66409e6fa76eab7bbb8e581b7c6bf44f8898485f48a578dcd44c7259be2855ccab45475b55468668bf504a9aba23c

  • SSDEEP

    3072:eFS5h5B5RGyPBQob8aJPoH0FfIn57N0OUJW:ek5h5B5RTBH4QPoH0FfIX0r

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\agentesla\0a9e668b23fdd273acb8ac8096e435e09f581d67203cf2475ef6f90e6b0965e2.exe
    "C:\Users\Admin\AppData\Local\Temp\agentesla\0a9e668b23fdd273acb8ac8096e435e09f581d67203cf2475ef6f90e6b0965e2.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2008-0-0x000000007405E000-0x000000007405F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-1-0x0000000000910000-0x0000000000952000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2008-2-0x0000000074050000-0x000000007473E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2008-3-0x000000007405E000-0x000000007405F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-4-0x0000000074050000-0x000000007473E000-memory.dmp

    Filesize

    6.9MB

    Download