agenttesla | 7b2b019833000669a61ff58756311596663a48775af9426765d45a5ea397f27d

General

Target

1089765423012021_inquiry.exe
Size

560KB
MD5

b47c3006b43aff7a9c395e6ddf7d65ec
SHA1

785ba2f4990bf8d8ee4a3fb8986131756338a662
SHA256

c5c10a5a97d09d2545fa73ab64459b2fdaeadf3ef2a08bceadcbff26a69b65f5
SHA512

8fa5c1397532acf8abab18e63b29072117fbf1b9139520be74d2d9261efe448aa9a05218ee09402085340b352f754d77dc3750af96845b425ad0fe6404088aa8

Score

10^/10

Family

agenttesla

Credentials

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla Payload 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/924-64-0x0000000000400000-0x000000000043C000-memory.dmp	family_agenttesla
behavioral1/memory/924-65-0x0000000000400000-0x000000000043C000-memory.dmp	family_agenttesla
behavioral1/memory/924-66-0x0000000000400000-0x000000000043C000-memory.dmp	family_agenttesla
behavioral1/memory/924-67-0x00000000004375FE-mapping.dmp	family_agenttesla
behavioral1/memory/924-68-0x0000000000400000-0x000000000043C000-memory.dmp	family_agenttesla

Suspicious use of SetThreadContext 1 IoCs

Processes:

1089765423012021_inquiry.exe

description pid process target process

PID 1988 set thread context of 924 1988 1089765423012021_inquiry.exe 1089765423012021_inquiry.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

1089765423012021_inquiry.exe

pid process

924 1089765423012021_inquiry.exe
924 1089765423012021_inquiry.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

1089765423012021_inquiry.exe

description pid process

Token: SeDebugPrivilege 924 1089765423012021_inquiry.exe

description	pid	process	target process
PID 1988 set thread context of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe

pid	process
924	1089765423012021_inquiry.exe
924	1089765423012021_inquiry.exe

description	pid	process
Token: SeDebugPrivilege	924	1089765423012021_inquiry.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

1089765423012021_inquiry.exe

description	pid	process	target process
PID 1988 wrote to memory of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe
PID 1988 wrote to memory of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe
PID 1988 wrote to memory of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe
PID 1988 wrote to memory of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe
PID 1988 wrote to memory of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe
PID 1988 wrote to memory of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe
PID 1988 wrote to memory of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe
PID 1988 wrote to memory of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe
PID 1988 wrote to memory of 924	1988	1089765423012021_inquiry.exe	1089765423012021_inquiry.exe

memory/924-65-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/924-63-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/924-70-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/924-68-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/924-67-0x00000000004375FE-mapping.dmp

Download
memory/924-64-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/924-66-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/924-62-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1988-57-0x0000000075F41000-0x0000000075F43000-memory.dmp

Filesize
8KB

Download
memory/1988-55-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/1988-61-0x00000000009D0000-0x0000000000A08000-memory.dmp

Filesize
224KB

Download
memory/1988-60-0x0000000005140000-0x00000000051BF000-memory.dmp

Filesize
508KB

Download
memory/1988-59-0x0000000000310000-0x0000000000315000-memory.dmp

Filesize
20KB

Download
memory/1988-58-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download