agenttesla | 8867a152f90a76d696141c7144b160b21607bed11da3aa3f0d3f0e25035ee36f | Triage

Submit
Reports

Overview

overview

Static

static

E810B9755.exe

windows7_x64

E810B9755.exe

windows10_x64

3

Sharing

Copy URL Twitter E-mail

General

Target

E810B9755.exe
Size

734KB
Sample

200707-ds3q6kkfds
MD5

38af3379b5555b7c97731c6229b2b8db
SHA1

95a4c92355d256cf7237ae09601902027b1e6af9
SHA256

8867a152f90a76d696141c7144b160b21607bed11da3aa3f0d3f0e25035ee36f
SHA512

389fb1b43719ad349bdb8814f8d1a641a072b4b89ea86a1043a35ff08f767361dbf5c53fded7a4208cee9ce57c80d26cbc496b4b49e1b5ba5f82e93b305d1ed6

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

E810B9755.exe

Resource

win7v200430

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

E810B9755.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ashpraskills.com
Port:
587
Username:
[email protected]
Password:
TC041018$4321

Targets

- Target
  
  E810B9755.exe
- Size
  
  734KB
- MD5
  
  38af3379b5555b7c97731c6229b2b8db
- SHA1
  
  95a4c92355d256cf7237ae09601902027b1e6af9
- SHA256
  
  8867a152f90a76d696141c7144b160b21607bed11da3aa3f0d3f0e25035ee36f
- SHA512
  
  389fb1b43719ad349bdb8814f8d1a641a072b4b89ea86a1043a35ff08f767361dbf5c53fded7a4208cee9ce57c80d26cbc496b4b49e1b5ba5f82e93b305d1ed6
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy