Overview

overview

10

Static

static

10

c78dea179e...8e.exe

windows7-x64

10

c78dea179e...8e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/11/2024, 01:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c78dea179e7d5aed1b4a52c44b5534cdac0be1f47be4dfdc3958bd22eb48838e.exe

  • Size

    315KB

  • MD5

    afbf66c51d101896506dad8d878983b1

  • SHA1

    af7571404b866f2dcdb29646a22b2fb43dae24ad

  • SHA256

    c78dea179e7d5aed1b4a52c44b5534cdac0be1f47be4dfdc3958bd22eb48838e

  • SHA512

    79915269341a868f325864f357d1a623630c74f09baad8f174c61b6e4ab2817c3bbb913cd54688694cee2afcbf80ad7ac5766230d86330fb8878432e89dad3f8

  • SSDEEP

    3072:nyJ2gdhvYEQ8wkRgdwxkRFuLhftfYhf0QUvYSnt4l0dzhaZpPEkmj:h0vYEQ8wkRgLPsNtf3Jvv4lOe

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.ercolina-usa.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    uy,o#mZj8$lY

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Agenttesla family
    agenttesla
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c78dea179e7d5aed1b4a52c44b5534cdac0be1f47be4dfdc3958bd22eb48838e.exe
    "C:\Users\Admin\AppData\Local\Temp\c78dea179e7d5aed1b4a52c44b5534cdac0be1f47be4dfdc3958bd22eb48838e.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:4900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4900-0-0x0000000074B2E000-0x0000000074B2F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4900-1-0x0000000000DA0000-0x0000000000DF6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4900-2-0x0000000005E50000-0x00000000063F4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4900-3-0x0000000005770000-0x0000000005802000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4900-4-0x0000000074B20000-0x00000000752D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4900-5-0x0000000003370000-0x000000000337A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4900-6-0x0000000074B2E000-0x0000000074B2F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4900-7-0x0000000074B20000-0x00000000752D0000-memory.dmp

    Filesize

    7.7MB

    Download