Overview

overview

10

Static

static

3

DeathCrypt....0.exe

windows7-x64

10

DeathCrypt....0.exe

windows10-1703-x64

10

DeathCrypt....0.exe

windows10-2004-x64

10

DeathCrypt....0.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    41s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-06-2024 15:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DeathCrypter-0.7.0.exe

  • Size

    9.8MB

  • MD5

    e5b1ff36f9fca02f63e3de2fe4861b55

  • SHA1

    36e275dcf39a1a963ee0113af3e9f60e2a1a40f7

  • SHA256

    57ec4122db9efd9fb97b27b6844d2026fcb25333ef18f4f2a44d63ad301c7a80

  • SHA512

    bf43a7e5c839de792e756dc3ec75a9be8e779f57f7ab84f7e157aa796f7569045166e1fc889d014b0411501a4f3a4656a037fba78cf44d39b4b03b965bd8e09f

  • SSDEEP

    196608:t41mNygKiOPY+ZozEhjRS5jlFUMEEk1n9V4rdkACYnksmj4bsDgbC8VN0:t4Oy+OjkEhjQlFFha9WrmAmwbzCN

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DeathCrypter-0.7.0.exe
    "C:\Users\Admin\AppData\Local\Temp\DeathCrypter-0.7.0.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    PID:3500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3500-0-0x00007FFCCB8F3000-0x00007FFCCB8F5000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3500-1-0x00000288F44A0000-0x00000288F59A2000-memory.dmp
    Filesize

    21.0MB

    Download
  • memory/3500-2-0x00000288F7500000-0x00000288F7501000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3500-4-0x00007FFCCB8F0000-0x00007FFCCC3B1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/3500-3-0x00000288F7F20000-0x00000288F8092000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/3500-5-0x00000288F8090000-0x00000288F82A2000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/3500-6-0x00000288F82A0000-0x00000288F8350000-memory.dmp
    Filesize

    704KB

    Download
  • memory/3500-7-0x00000288F8350000-0x00000288F8362000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3500-8-0x00007FFCCB8F0000-0x00007FFCCC3B1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/3500-9-0x00007FFCCB8F0000-0x00007FFCCC3B1000-memory.dmp
    Filesize

    10.8MB

    Download