Open prashanthpulisetti opened 2 weeks ago
The dialer.exe has invoked almost every binary in the system32 folder while analyzing Agent Tesla malware. A bunch of CreateRemoteThread processes have been created in a short span of time.
Malware Sample: https://app.any.run/tasks/6720b85b-9c53-4a12-b1dc-73052a7847
Sample Logs:
CreateRemoteThread detected: RuleName: - UtcTime: 2024-06-14 12:03:46.938 SourceProcessGuid: {8bf1c579-2d7a-666c-3303-000000003b00} SourceProcessId: 11088 SourceImage: C:\Windows\System32\dialer.exe TargetProcessGuid: {8bf1c579-31a2-666c-7a07-000000003b00} TargetProcessId: 4323 TargetImage: C:\Windows\System32\schtasks.exe NewThreadId: 12735 StartAddress: 0x000002198090273C StartModule: - StartFunction: - SourceUser: KONAHA\naruto TargetUser: KONAHA\naruto
CreateRemoteThread detected: RuleName: - UtcTime: 2024-06-14 12:02:09.404 SourceProcessGuid: {8bf1c579-2d7a-666c-3303-000000003c00} SourceProcessId: 11088 SourceImage: C:\Windows\System32\dialer.exe TargetProcessGuid: {8bf1c579-3141-666c-0907-000000003c00} TargetProcessId: 14032 TargetImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe NewThreadId: 748 StartAddress: 0x000002530658273C StartModule: - StartFunction: - SourceUser: KONAHA\naruto TargetUser: KONAHA\naruto
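As an added example (not code from the issue or the project), a small Python detector that parses the two Sysmon Event ID 8 records above, even when they are pasted as one run-together line, and applies three checks: a watchlist of source images, a thread start address not backed by any loaded module (StartModule "-"), and a burst of remote threads from one source PID inside a time window. The watchlist, the 120-second window and the burst threshold are assumed values, not anything the issue specifies.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Field names of a Sysmon Event ID 8 (CreateRemoteThread) message, in message order.
FIELDS = ("RuleName", "UtcTime", "SourceProcessGuid", "SourceProcessId", "SourceImage",
          "TargetProcessGuid", "TargetProcessId", "TargetImage", "NewThreadId",
          "StartAddress", "StartModule", "StartFunction", "SourceUser", "TargetUser")
KEY_RE = re.compile(r"\b(%s): " % "|".join(FIELDS))
RECORD_START = "CreateRemoteThread detected: "
# Assumed watchlist of signed Windows binaries that should never create remote threads.
SUSPICIOUS_SOURCES = {"dialer.exe"}

# Constructed sample: the issue's two records as one run-together line (GUID/user fields omitted).
SAMPLE_BLOB = (
    "CreateRemoteThread detected: RuleName: - UtcTime: 2024-06-14 12:03:46.938 "
    "SourceProcessId: 11088 SourceImage: C:\\Windows\\System32\\dialer.exe "
    "TargetProcessId: 4323 TargetImage: C:\\Windows\\System32\\schtasks.exe "
    "NewThreadId: 12735 StartAddress: 0x000002198090273C StartModule: - StartFunction: - "
    "CreateRemoteThread detected: RuleName: - UtcTime: 2024-06-14 12:02:09.404 "
    "SourceProcessId: 11088 SourceImage: C:\\Windows\\System32\\dialer.exe "
    "TargetProcessId: 14032 TargetImage: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "NewThreadId: 748 StartAddress: 0x000002530658273C StartModule: - StartFunction: -"
)

def parse_events(blob):
    """Split run-together Event 8 text into records, each a dict keyed by field name."""
    events = []
    for rec in filter(str.strip, blob.split(RECORD_START)):
        parts = KEY_RE.split(rec)  # ['', key, value, key, value, ...]
        ev = {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}
        ev["UtcTime"] = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
        events.append(ev)
    return sorted(events, key=lambda e: e["UtcTime"])

def detect(events, window=timedelta(seconds=120), burst=2):
    """Return alert strings: watchlisted source, unbacked start address, and bursts."""
    alerts, by_pid = [], {}
    for ev in events:
        src = PureWindowsPath(ev["SourceImage"]).name.lower()
        tgt = PureWindowsPath(ev["TargetImage"]).name
        if src in SUSPICIOUS_SOURCES:
            alerts.append(f"watchlist source {src} -> {tgt} (pid {ev['TargetProcessId']})")
        if ev["StartModule"] == "-":  # start address not inside any loaded module
            alerts.append(f"unbacked thread start {ev['StartAddress']} in {tgt}")
        by_pid.setdefault(ev["SourceProcessId"], []).append(ev["UtcTime"])
    for pid, t in by_pid.items():  # `burst`+ remote threads from one source PID in `window`
        if any(t[i + burst - 1] - t[i] <= window for i in range(len(t) - burst + 1)):
            alerts.append(f"burst: {burst}+ remote threads from pid {pid} within {window}")
    return alerts
```

On the two sample records this yields two watchlist hits, two unbacked-start-address hits and one burst alert for PID 11088, since the events are 97 seconds apart.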