agenttesla | 2d310d80e32cf06ccf6cc5e63e542283bc9a301a31215030733a1f733b0d2346

Analysis

max time kernel
51s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1649e10c12e3b6242ac80048b6623683.exe
Size

1.4MB
MD5

1649e10c12e3b6242ac80048b6623683
SHA1

14a200da1c85b80e688673fcc26f4ac21cf9a6fe
SHA256

2d310d80e32cf06ccf6cc5e63e542283bc9a301a31215030733a1f733b0d2346
SHA512

db5905abd5caf3027d06b513cc3b590a27b090817b0e3deae03abb1f51778481cdf724e202a02f39a12847c72fb3e907aa074de74a00d1130a93f2a19677fb92
SSDEEP

24576:adOTNGD7beQ6fsJcPvKVdtNFS/E+FH/T2fXO:0qU9uknSL/T2/

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

https://api.telegram.org/bot1775909572:AAGbTnqPuJBAUZrgQhid9SmcxSSNElS3rh8/sendDocument

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral2/memory/3376-37-0x0000000000400000-0x000000000043C000-memory.dmp	family_agenttesla

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3276	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\1649e10c12e3b6242ac80048b6623683.exe
"C:\Users\Admin\AppData\Local\Temp\1649e10c12e3b6242ac80048b6623683.exe"
1⤵
PID:220
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LosJvWlPQthlo" /XML "C:\Users\Admin\AppData\Local\Temp\tmp13F0.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:3276
- C:\Users\Admin\AppData\Local\Temp\1649e10c12e3b6242ac80048b6623683.exe
  "C:\Users\Admin\AppData\Local\Temp\1649e10c12e3b6242ac80048b6623683.exe"
  2⤵
  PID:3376
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\LosJvWlPQthlo.exe"
  2⤵
  PID:5080
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\LosJvWlPQthlo.exe"
  2⤵
  PID:2108
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1649e10c12e3b6242ac80048b6623683.exe"
  2⤵
  PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/220-3-0x0000000005350000-0x00000000058F4000-memory.dmp

Filesize
5.6MB

Download
memory/220-4-0x0000000004DA0000-0x0000000004E32000-memory.dmp

Filesize
584KB

Download
memory/220-6-0x0000000004C80000-0x0000000004C8A000-memory.dmp

Filesize
40KB

Download
memory/220-7-0x0000000004F30000-0x0000000004F86000-memory.dmp

Filesize
344KB

Download
memory/220-8-0x0000000004CC0000-0x0000000004CDE000-memory.dmp

Filesize
120KB

Download
memory/220-5-0x0000000004CF0000-0x0000000004D00000-memory.dmp

Filesize
64KB

Download
memory/220-2-0x0000000004D00000-0x0000000004D9C000-memory.dmp

Filesize
624KB

Download
memory/220-1-0x0000000000250000-0x00000000003BA000-memory.dmp

Filesize
1.4MB

Download
memory/220-0-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/220-9-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/220-10-0x0000000004CF0000-0x0000000004D00000-memory.dmp

Filesize
64KB

Download
memory/220-11-0x0000000005C10000-0x0000000005CAE000-memory.dmp

Filesize
632KB

Download
memory/220-12-0x0000000008170000-0x00000000081AC000-memory.dmp

Filesize
240KB

Download
memory/220-50-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/2108-92-0x000000007F330000-0x000000007F340000-memory.dmp

Filesize
64KB

Download
memory/2108-26-0x0000000004B40000-0x0000000004B50000-memory.dmp

Filesize
64KB

Download
memory/2108-113-0x0000000007530000-0x0000000007544000-memory.dmp

Filesize
80KB

Download
memory/2108-93-0x0000000004B40000-0x0000000004B50000-memory.dmp

Filesize
64KB

Download
memory/2108-122-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/2108-109-0x0000000007360000-0x000000000736A000-memory.dmp

Filesize
40KB

Download
memory/2108-65-0x0000000006580000-0x00000000065CC000-memory.dmp

Filesize
304KB

Download
memory/2108-94-0x0000000004B40000-0x0000000004B50000-memory.dmp

Filesize
64KB

Download
memory/2108-112-0x0000000007520000-0x000000000752E000-memory.dmp

Filesize
56KB

Download
memory/2108-81-0x0000000075730000-0x000000007577C000-memory.dmp

Filesize
304KB

Download
memory/2108-24-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/2672-108-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/2672-38-0x0000000005640000-0x0000000005994000-memory.dmp

Filesize
3.3MB

Download
memory/2672-19-0x0000000004C10000-0x0000000005238000-memory.dmp

Filesize
6.2MB

Download
memory/2672-22-0x0000000004B40000-0x0000000004B62000-memory.dmp

Filesize
136KB

Download
memory/2672-20-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/2672-18-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/2672-17-0x0000000002230000-0x0000000002266000-memory.dmp

Filesize
216KB

Download
memory/2672-21-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/2672-114-0x0000000007180000-0x000000000719A000-memory.dmp

Filesize
104KB

Download
memory/2672-125-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/2672-95-0x000000007F6F0000-0x000000007F700000-memory.dmp

Filesize
64KB

Download
memory/2672-23-0x0000000005460000-0x00000000054C6000-memory.dmp

Filesize
408KB

Download
memory/2672-27-0x00000000054D0000-0x0000000005536000-memory.dmp

Filesize
408KB

Download
memory/2672-96-0x0000000075730000-0x000000007577C000-memory.dmp

Filesize
304KB

Download
memory/2672-64-0x0000000005B10000-0x0000000005B2E000-memory.dmp

Filesize
120KB

Download
memory/3376-126-0x0000000005A80000-0x0000000005A98000-memory.dmp

Filesize
96KB

Download
memory/3376-37-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3376-49-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/3376-51-0x0000000005AB0000-0x0000000005AC0000-memory.dmp

Filesize
64KB

Download
memory/3376-127-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/3376-128-0x0000000005AB0000-0x0000000005AC0000-memory.dmp

Filesize
64KB

Download
memory/3376-133-0x0000000005AB0000-0x0000000005AC0000-memory.dmp

Filesize
64KB

Download
memory/3376-132-0x0000000006900000-0x0000000006950000-memory.dmp

Filesize
320KB

Download
memory/5080-52-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/5080-79-0x0000000002600000-0x0000000002610000-memory.dmp

Filesize
64KB

Download
memory/5080-80-0x0000000006F20000-0x0000000006FC3000-memory.dmp

Filesize
652KB

Download
memory/5080-82-0x0000000002600000-0x0000000002610000-memory.dmp

Filesize
64KB

Download
memory/5080-115-0x0000000007370000-0x0000000007378000-memory.dmp

Filesize
32KB

Download
memory/5080-111-0x0000000007250000-0x0000000007261000-memory.dmp

Filesize
68KB

Download
memory/5080-67-0x000000007EFC0000-0x000000007EFD0000-memory.dmp

Filesize
64KB

Download
memory/5080-66-0x0000000006EC0000-0x0000000006EF2000-memory.dmp

Filesize
200KB

Download
memory/5080-110-0x00000000072D0000-0x0000000007366000-memory.dmp

Filesize
600KB

Download
memory/5080-121-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/5080-106-0x0000000007690000-0x0000000007D0A000-memory.dmp

Filesize
6.5MB

Download
memory/5080-107-0x0000000007050000-0x000000000706A000-memory.dmp

Filesize
104KB

Download
memory/5080-68-0x0000000075730000-0x000000007577C000-memory.dmp

Filesize
304KB

Download
memory/5080-78-0x0000000006F00000-0x0000000006F1E000-memory.dmp

Filesize
120KB

Download
memory/5080-62-0x0000000002600000-0x0000000002610000-memory.dmp

Filesize
64KB

Download
memory/5080-63-0x0000000002600000-0x0000000002610000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads