agenttesla | 895caf8a32b031db037f0b3be265ebc5a909b4f1f1880a252795458a87bf1214 | Triage

Submit
Reports

Overview

overview

Static

static

OUTSTANDIN...TS.exe

windows7_x64

OUTSTANDIN...TS.exe

windows10_x64

3

Sharing

Copy URL Twitter E-mail

General

Target

OUTSTANDING PAYMENTS.exe
Size

701KB
Sample

200716-e19624eq9a
MD5

545352c3b443c8d949fb9bf068be1aef
SHA1

0d7569043e0a6566a9680f77b82ffa32f322865f
SHA256

895caf8a32b031db037f0b3be265ebc5a909b4f1f1880a252795458a87bf1214
SHA512

b1a9c2e7649b927281d18ddf97313f0a08080dfadd5fe04d57379972ded48f6fbd0f319fbbcad712e1c13b301c87a1948ca225f37909d27f7d6a929a29009d50

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

OUTSTANDING PAYMENTS.exe

Resource

win7

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

OUTSTANDING PAYMENTS.exe

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mdist.us
Port:
587
Username:
[email protected]
Password:
Receiving#4321

Targets

- Target
  
  OUTSTANDING PAYMENTS.exe
- Size
  
  701KB
- MD5
  
  545352c3b443c8d949fb9bf068be1aef
- SHA1
  
  0d7569043e0a6566a9680f77b82ffa32f322865f
- SHA256
  
  895caf8a32b031db037f0b3be265ebc5a909b4f1f1880a252795458a87bf1214
- SHA512
  
  b1a9c2e7649b927281d18ddf97313f0a08080dfadd5fe04d57379972ded48f6fbd0f319fbbcad712e1c13b301c87a1948ca225f37909d27f7d6a929a29009d50
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy