agenttesla | 149fee78d8d12af76af26eddc5aafa42b8f2a028f27f55676241110cb8a65ace

General

Target

149fee78d8d12af76af26eddc5aafa42b8f2a028f27f55676241110cb8a65ace.exe
Size

154.0MB
MD5

0e3961b63c79cfd5450af6a072df2cf4
SHA1

e5aa08783dce22db20ea2791c8bd9e555dbe91a1
SHA256

149fee78d8d12af76af26eddc5aafa42b8f2a028f27f55676241110cb8a65ace
SHA512

360e9c51f5825a973a1ceb6b9c0dcdd580715e72dbef6bd3f409d73cf88b776b316ec08023c90470f7e7de5dfa81a3c4bdcddf4b7a221fa722e8ba68828cc0e9
SSDEEP

1572864:UafzGToO0fw1GZrhqWKnUlqdoT43pv8Mx58REy0DZlecF:HfzdhbIoTY5zZAY

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2104-64-0x0000000007700000-0x0000000007BD0000-memory.dmp	family_agenttesla
behavioral1/memory/2104-67-0x0000000007700000-0x0000000007BD0000-memory.dmp	family_agenttesla

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

149fee78d8d12af76af26eddc5aafa42b8f2a028f27f55676241110cb8a65ace.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	149fee78d8d12af76af26eddc5aafa42b8f2a028f27f55676241110cb8a65ace.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	149fee78d8d12af76af26eddc5aafa42b8f2a028f27f55676241110cb8a65ace.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	149fee78d8d12af76af26eddc5aafa42b8f2a028f27f55676241110cb8a65ace.exe

C:\Users\Admin\AppData\Local\Temp\149fee78d8d12af76af26eddc5aafa42b8f2a028f27f55676241110cb8a65ace.exe
"C:\Users\Admin\AppData\Local\Temp\149fee78d8d12af76af26eddc5aafa42b8f2a028f27f55676241110cb8a65ace.exe"
1⤵
- Enumerates system info in registry
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2104-0-0x0000000006890000-0x0000000007219000-memory.dmp

Filesize
9.5MB

Download
memory/2104-3-0x0000000006890000-0x0000000007219000-memory.dmp

Filesize
9.5MB

Download
memory/2104-5-0x0000000000AF0000-0x0000000001318000-memory.dmp

Filesize
8.2MB

Download
memory/2104-4-0x00000000083A0000-0x000000000950F000-memory.dmp

Filesize
17.4MB

Download
memory/2104-8-0x00000000083A0000-0x000000000950F000-memory.dmp

Filesize
17.4MB

Download
memory/2104-9-0x0000000009510000-0x000000000A0F8000-memory.dmp

Filesize
11.9MB

Download
memory/2104-12-0x0000000009510000-0x000000000A0F8000-memory.dmp

Filesize
11.9MB

Download
memory/2104-17-0x0000000006230000-0x00000000062E4000-memory.dmp

Filesize
720KB

Download
memory/2104-21-0x0000000000AE0000-0x0000000000AEC000-memory.dmp

Filesize
48KB

Download
memory/2104-28-0x0000000000AC0000-0x0000000000ADF000-memory.dmp

Filesize
124KB

Download
memory/2104-25-0x0000000000AC0000-0x0000000000ADF000-memory.dmp

Filesize
124KB

Download
memory/2104-36-0x00000000029F0000-0x0000000002A02000-memory.dmp

Filesize
72KB

Download
memory/2104-33-0x00000000029F0000-0x0000000002A02000-memory.dmp

Filesize
72KB

Download
memory/2104-32-0x0000000002820000-0x0000000002835000-memory.dmp

Filesize
84KB

Download
memory/2104-29-0x0000000002820000-0x0000000002835000-memory.dmp

Filesize
84KB

Download
memory/2104-24-0x0000000000AE0000-0x0000000000AEC000-memory.dmp

Filesize
48KB

Download
memory/2104-20-0x0000000006230000-0x00000000062E4000-memory.dmp

Filesize
720KB

Download
memory/2104-16-0x0000000000A50000-0x0000000000A61000-memory.dmp

Filesize
68KB

Download
memory/2104-43-0x0000000002A40000-0x0000000002A5D000-memory.dmp

Filesize
116KB

Download
memory/2104-44-0x0000000006010000-0x000000000604A000-memory.dmp

Filesize
232KB

Download
memory/2104-40-0x0000000002A40000-0x0000000002A5D000-memory.dmp

Filesize
116KB

Download
memory/2104-47-0x0000000006010000-0x000000000604A000-memory.dmp

Filesize
232KB

Download
memory/2104-13-0x0000000000A50000-0x0000000000A61000-memory.dmp

Filesize
68KB

Download
memory/2104-48-0x00000000063E0000-0x00000000064C9000-memory.dmp

Filesize
932KB

Download
memory/2104-51-0x00000000063E0000-0x00000000064C9000-memory.dmp

Filesize
932KB

Download
memory/2104-52-0x0000000002A10000-0x0000000002A16000-memory.dmp

Filesize
24KB

Download
memory/2104-55-0x0000000002A10000-0x0000000002A16000-memory.dmp

Filesize
24KB

Download
memory/2104-56-0x0000000002A60000-0x0000000002A69000-memory.dmp

Filesize
36KB

Download
memory/2104-59-0x0000000002A60000-0x0000000002A69000-memory.dmp

Filesize
36KB

Download
memory/2104-60-0x00000000064D0000-0x0000000006575000-memory.dmp

Filesize
660KB

Download
memory/2104-64-0x0000000007700000-0x0000000007BD0000-memory.dmp

Filesize
4.8MB

Download
memory/2104-63-0x00000000064D0000-0x0000000006575000-memory.dmp

Filesize
660KB

Download
memory/2104-67-0x0000000007700000-0x0000000007BD0000-memory.dmp

Filesize
4.8MB

Download
memory/2104-112-0x0000000000AF0000-0x0000000001318000-memory.dmp

Filesize
8.2MB

Download

Analysis

Sharing