agenttesla | d913a8b769f15f990535d033b50189f04378290cf0c44e58926980eae27459da

Analysis

max time kernel
134s
max time network
136s
platform
windows11-21h2_x64
resource
win11-20231129-en
resource tags

arch:x64arch:x86image:win11-20231129-enlocale:en-usos:windows11-21h2-x64system
submitted
09-12-2023 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher.exe
Size

216KB
MD5

b431834edf99021cf97d0a5be32e74db
SHA1

0f10206595d7f6b52e73f6c969ec4e9d5e0b0c5d
SHA256

be7772f9ec74c9538e68a796a1ac783b6691a3c500d12a0beb04eeffc3525931
SHA512

56ea7de05c9eb8437dffc6dd1e6951feb10a3cc95207a90824e7d3be5a7b4113a387f77aa64a65524dabefc3d3a8a02d2ca73d958d8daa211013a690c1b4a106
SSDEEP

3072:IIym4PU5dNLJ9bW4qgjwZcCzS77A1HdG/N3XIfduIr9wkgYqMgRvrNWYJPPP1H4U:IExCcC2XIcuRqdfh7sGNEaAa4QXgP

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral2/memory/800-6-0x00000000066E0000-0x00000000068F4000-memory.dmp	family_agenttesla

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Launcher.exe

C:\Users\Admin\AppData\Local\Temp\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
1⤵
- Enumerates system info in registry
PID:800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/800-1-0x00000000743D0000-0x0000000074B81000-memory.dmp

Filesize
7.7MB

Download
memory/800-0-0x0000000000E50000-0x0000000000E8C000-memory.dmp

Filesize
240KB

Download
memory/800-3-0x0000000005960000-0x00000000059F2000-memory.dmp

Filesize
584KB

Download
memory/800-2-0x0000000005F10000-0x00000000064B6000-memory.dmp

Filesize
5.6MB

Download
memory/800-4-0x0000000005B90000-0x0000000005BA0000-memory.dmp

Filesize
64KB

Download
memory/800-5-0x0000000005930000-0x000000000593A000-memory.dmp

Filesize
40KB

Download
memory/800-6-0x00000000066E0000-0x00000000068F4000-memory.dmp

Filesize
2.1MB

Download
memory/800-7-0x0000000005B90000-0x0000000005BA0000-memory.dmp

Filesize
64KB

Download
memory/800-8-0x00000000743D0000-0x0000000074B81000-memory.dmp

Filesize
7.7MB

Download
memory/800-9-0x0000000005B90000-0x0000000005BA0000-memory.dmp

Filesize
64KB

Download
memory/800-10-0x0000000005B90000-0x0000000005BA0000-memory.dmp

Filesize
64KB

Download
memory/800-12-0x00000000743D0000-0x0000000074B81000-memory.dmp

Filesize
7.7MB

Download