agenttesla | 51f24503d32c9e10a2e7afe027d438380d007cd1566e5399cc52b039cacdb2ea

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 16:22

Target

Notificación Transferencia Interbancaria.exe
Size

1.3MB
MD5

e508efd0a94987b67e8c1b9ee25be34f
SHA1

be932a6f544bb7126b5240c9733d0fa0db87148b
SHA256

51f24503d32c9e10a2e7afe027d438380d007cd1566e5399cc52b039cacdb2ea
SHA512

b3f555dd38ef68290ee391006253d0a140b6fb8a1d644dbb98b06e845fa523f9a5ee2afb1813b637604ded3a29bc6495f960975dce075bebf031d3b6c27b5280
SSDEEP

24576:LqDEvCTbMWu7rQYlBQcBiT6rprG8asIhF8m3STb:LTvC/MTQYxsWR7asIvR3S

Score

10^/10

Family

agenttesla

Credentials

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
27	ip-api.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1508 set thread context of 4884	1508	Notificación Transferencia Interbancaria.exe	92

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4884	RegSvcs.exe
4884	RegSvcs.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1508	Notificación Transferencia Interbancaria.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4884	RegSvcs.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 4884	1508	Notificación Transferencia Interbancaria.exe	92
PID 1508 wrote to memory of 4884	1508	Notificación Transferencia Interbancaria.exe	92
PID 1508 wrote to memory of 4884	1508	Notificación Transferencia Interbancaria.exe	92
PID 1508 wrote to memory of 4884	1508	Notificación Transferencia Interbancaria.exe	92

memory/1508-10-0x00000000017F0000-0x00000000017F4000-memory.dmp

Filesize
16KB

Download
memory/4884-11-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4884-12-0x00000000745B0000-0x0000000074D60000-memory.dmp

Filesize
7.7MB

Download
memory/4884-13-0x00000000054B0000-0x0000000005A54000-memory.dmp

Filesize
5.6MB

Download
memory/4884-14-0x0000000002980000-0x0000000002990000-memory.dmp

Filesize
64KB

Download
memory/4884-15-0x0000000005070000-0x00000000050D6000-memory.dmp

Filesize
408KB

Download
memory/4884-16-0x00000000061D0000-0x0000000006220000-memory.dmp

Filesize
320KB

Download
memory/4884-17-0x00000000062C0000-0x0000000006352000-memory.dmp

Filesize
584KB

Download
memory/4884-18-0x0000000006250000-0x000000000625A000-memory.dmp

Filesize
40KB

Download
memory/4884-19-0x00000000745B0000-0x0000000074D60000-memory.dmp

Filesize
7.7MB

Download
memory/4884-20-0x0000000002980000-0x0000000002990000-memory.dmp

Filesize
64KB

Download