agenttesla | 30f0de577e66c6ad5c76b22f516d026662d2960578e50e299142ab73d95fe5e0

General

Target

30f0de577e66c6ad5c76b22f516d026662d2960578e50e299142ab73d95fe5e0.exe
Size

154.0MB
MD5

5dc1f3df08dc25000b3594ba35efc89d
SHA1

7ca16e7ab49cdb5b320f9843a59b8981c944f632
SHA256

30f0de577e66c6ad5c76b22f516d026662d2960578e50e299142ab73d95fe5e0
SHA512

d10e7286a827f71abea1fc45ccc2d42d3f5f46af4640e637a1c945e554a5c54873bea0ebfe387f35d56d2d28b0a200e7b6e53a6cf0a7a3cd95c125d2999d670a
SSDEEP

1572864:UafzGToO0fw1GZrhqWKnUlqdoT43pv8Mx58zEy0DZlecF:HfzdhbIoTY5dZAQ

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2548-64-0x0000000007610000-0x0000000007AE0000-memory.dmp	family_agenttesla
behavioral1/memory/2548-67-0x0000000007610000-0x0000000007AE0000-memory.dmp	family_agenttesla

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

30f0de577e66c6ad5c76b22f516d026662d2960578e50e299142ab73d95fe5e0.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	30f0de577e66c6ad5c76b22f516d026662d2960578e50e299142ab73d95fe5e0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	30f0de577e66c6ad5c76b22f516d026662d2960578e50e299142ab73d95fe5e0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	30f0de577e66c6ad5c76b22f516d026662d2960578e50e299142ab73d95fe5e0.exe

C:\Users\Admin\AppData\Local\Temp\30f0de577e66c6ad5c76b22f516d026662d2960578e50e299142ab73d95fe5e0.exe
"C:\Users\Admin\AppData\Local\Temp\30f0de577e66c6ad5c76b22f516d026662d2960578e50e299142ab73d95fe5e0.exe"
1⤵
- Enumerates system info in registry
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2548-0-0x00000000067A0000-0x0000000007129000-memory.dmp

Filesize
9.5MB

Download
memory/2548-3-0x00000000067A0000-0x0000000007129000-memory.dmp

Filesize
9.5MB

Download
memory/2548-5-0x0000000000B80000-0x00000000013A8000-memory.dmp

Filesize
8.2MB

Download
memory/2548-4-0x00000000082B0000-0x000000000941F000-memory.dmp

Filesize
17.4MB

Download
memory/2548-8-0x00000000082B0000-0x000000000941F000-memory.dmp

Filesize
17.4MB

Download
memory/2548-9-0x0000000009420000-0x000000000A008000-memory.dmp

Filesize
11.9MB

Download
memory/2548-20-0x0000000005E00000-0x0000000005EB4000-memory.dmp

Filesize
720KB

Download
memory/2548-29-0x00000000027E0000-0x00000000027F5000-memory.dmp

Filesize
84KB

Download
memory/2548-32-0x00000000027E0000-0x00000000027F5000-memory.dmp

Filesize
84KB

Download
memory/2548-28-0x0000000000B60000-0x0000000000B7F000-memory.dmp

Filesize
124KB

Download
memory/2548-36-0x0000000002870000-0x0000000002882000-memory.dmp

Filesize
72KB

Download
memory/2548-33-0x0000000002870000-0x0000000002882000-memory.dmp

Filesize
72KB

Download
memory/2548-25-0x0000000000B60000-0x0000000000B7F000-memory.dmp

Filesize
124KB

Download
memory/2548-24-0x00000000027B0000-0x00000000027BC000-memory.dmp

Filesize
48KB

Download
memory/2548-21-0x00000000027B0000-0x00000000027BC000-memory.dmp

Filesize
48KB

Download
memory/2548-17-0x0000000005E00000-0x0000000005EB4000-memory.dmp

Filesize
720KB

Download
memory/2548-16-0x0000000000B30000-0x0000000000B41000-memory.dmp

Filesize
68KB

Download
memory/2548-13-0x0000000000B30000-0x0000000000B41000-memory.dmp

Filesize
68KB

Download
memory/2548-47-0x0000000005C00000-0x0000000005C3A000-memory.dmp

Filesize
232KB

Download
memory/2548-44-0x0000000005C00000-0x0000000005C3A000-memory.dmp

Filesize
232KB

Download
memory/2548-60-0x0000000006310000-0x00000000063B5000-memory.dmp

Filesize
660KB

Download
memory/2548-59-0x0000000002890000-0x0000000002899000-memory.dmp

Filesize
36KB

Download
memory/2548-56-0x0000000002890000-0x0000000002899000-memory.dmp

Filesize
36KB

Download
memory/2548-64-0x0000000007610000-0x0000000007AE0000-memory.dmp

Filesize
4.8MB

Download
memory/2548-63-0x0000000006310000-0x00000000063B5000-memory.dmp

Filesize
660KB

Download
memory/2548-67-0x0000000007610000-0x0000000007AE0000-memory.dmp

Filesize
4.8MB

Download
memory/2548-55-0x0000000005BC0000-0x0000000005BC6000-memory.dmp

Filesize
24KB

Download
memory/2548-52-0x0000000005BC0000-0x0000000005BC6000-memory.dmp

Filesize
24KB

Download
memory/2548-51-0x0000000006400000-0x00000000064E9000-memory.dmp

Filesize
932KB

Download
memory/2548-48-0x0000000006400000-0x00000000064E9000-memory.dmp

Filesize
932KB

Download
memory/2548-43-0x0000000002A20000-0x0000000002A3D000-memory.dmp

Filesize
116KB

Download
memory/2548-40-0x0000000002A20000-0x0000000002A3D000-memory.dmp

Filesize
116KB

Download
memory/2548-12-0x0000000009420000-0x000000000A008000-memory.dmp

Filesize
11.9MB

Download
memory/2548-112-0x0000000000B80000-0x00000000013A8000-memory.dmp

Filesize
8.2MB

Download

Analysis

Sharing