agenttesla | 981463945beccba6a57000f63d6d3b86a2dfb065979df527ded79ba44e4fe1f9

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.6/Xworm V5.6.exe
Size

14.9MB
MD5

db51a102eab752762748a2dec8f7f67a
SHA1

194688ec1511b83063f7b0167ae250764b7591d1
SHA256

93e5e7f018053c445c521b010caff89e61f61743635db3500aad32d6e495abb2
SHA512

fb2fb6605a17fedb65e636cf3716568e85b8ea423c23e0513eb87f3a3441e2cabc4c3e6346225a9bf7b81e97470f3ab516feea649a7afb5cdf02faff8d7f09a5
SSDEEP

196608:k4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:kuyIhhkRka4i

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral1/memory/2276-3-0x000000001C4E0000-0x000000001C6D4000-memory.dmp	family_agenttesla

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe

C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Xworm V5.6.exe"
1⤵
- Enumerates system info in registry
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2276-0-0x000007FEF5BD3000-0x000007FEF5BD4000-memory.dmp

Filesize
4KB

Download
memory/2276-1-0x00000000003A0000-0x0000000001288000-memory.dmp

Filesize
14.9MB

Download
memory/2276-2-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

Filesize
9.9MB

Download
memory/2276-3-0x000000001C4E0000-0x000000001C6D4000-memory.dmp

Filesize
2.0MB

Download
memory/2276-5-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

Filesize
9.9MB

Download
memory/2276-4-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

Filesize
9.9MB

Download
memory/2276-6-0x000007FEF5BD3000-0x000007FEF5BD4000-memory.dmp

Filesize
4KB

Download
memory/2276-7-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

Filesize
9.9MB

Download
memory/2276-8-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

Filesize
9.9MB

Download