agenttesla | 00c2471d59f42fed3a8f4cc11ad2e9c1f05cf4670018fad4fccf75c9e89a1e9f

Analysis

max time kernel
11s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24-04-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FortniteLauncher.exe
Size

1.8MB
MD5

ea5b3ff089765b9e96dab4ebb8edfb10
SHA1

4e0887d39e715d60d6d44c9c36ed28c1b82cb0db
SHA256

00c2471d59f42fed3a8f4cc11ad2e9c1f05cf4670018fad4fccf75c9e89a1e9f
SHA512

00e6d53424fa2fd4688d6e590edb76e812cab5fe99a085d978d6deaf65c5e1c2b133f851eacd69d582e21b99f384e5d2834d1ce40366a90ec0984b8372909128
SSDEEP

49152:oJITYbNbNWo4kSH3OqtwIQr4qdkqXfd+/9A9TSanieKd0:oJIT4bNJFY3OqtnqdkqXf0FoSWx

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/704-3-0x000001AF33E90000-0x000001AF340A4000-memory.dmp	family_agenttesla

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

FortniteLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	FortniteLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	FortniteLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	FortniteLauncher.exe

C:\Users\Admin\AppData\Local\Temp\FortniteLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\FortniteLauncher.exe"
1⤵
- Enumerates system info in registry
PID:704

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/704-0-0x000001AF191C0000-0x000001AF1939A000-memory.dmp

Filesize
1.9MB

Download
memory/704-1-0x00007FFD311F0000-0x00007FFD31CB2000-memory.dmp

Filesize
10.8MB

Download
memory/704-2-0x000001AF33C90000-0x000001AF33CA0000-memory.dmp

Filesize
64KB

Download
memory/704-3-0x000001AF33E90000-0x000001AF340A4000-memory.dmp

Filesize
2.1MB

Download
memory/704-4-0x000001AF33C90000-0x000001AF33CA0000-memory.dmp

Filesize
64KB

Download
memory/704-6-0x00007FFD311F0000-0x00007FFD31CB2000-memory.dmp

Filesize
10.8MB

Download