agenttesla | 2d334ff51483236fa87270be95e77b196989ca1c9bea4d803aa059c4758a917c | Triage

Submit
Reports

Overview

overview

Static

static

2d334ff514...7c.exe

windows7_x64

2d334ff514...7c.exe

windows10-2004_x64

Sharing

General

Target

2d334ff51483236fa87270be95e77b196989ca1c9bea4d803aa059c4758a917c
Size

1.0MB
Sample

220414-ptb1jsggcn
MD5

e534b53d075fe29c9aa3030b7f4cd661
SHA1

7369f1567d017938b715d624d4635f867d24989a
SHA256

2d334ff51483236fa87270be95e77b196989ca1c9bea4d803aa059c4758a917c
SHA512

ee6ca412f6b8b71d1eadb64ebf8915cda679e2c98fa80cd84119934beea3c75121b2a6bbe8075907b95c77e96698bbf8d383cc59a7dde7931712ecace321c569

Score

10^/10

agenttesla metastealer evasion keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2d334ff51483236fa87270be95e77b196989ca1c9bea4d803aa059c4758a917c.exe

Resource

win7-20220331-en

agenttesla evasion keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2d334ff51483236fa87270be95e77b196989ca1c9bea4d803aa059c4758a917c.exe

Resource

win10v2004-20220331-en

agenttesla metastealer evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1495483448:AAGd3prw4Kj-_QDn5QOZCeOnj6Y116TT7Wg/sendDocument

Targets

- Target
  
  2d334ff51483236fa87270be95e77b196989ca1c9bea4d803aa059c4758a917c
- Size
  
  1.0MB
- MD5
  
  e534b53d075fe29c9aa3030b7f4cd661
- SHA1
  
  7369f1567d017938b715d624d4635f867d24989a
- SHA256
  
  2d334ff51483236fa87270be95e77b196989ca1c9bea4d803aa059c4758a917c
- SHA512
  
  ee6ca412f6b8b71d1eadb64ebf8915cda679e2c98fa80cd84119934beea3c75121b2a6bbe8075907b95c77e96698bbf8d383cc59a7dde7931712ecace321c569
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan metastealer
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerspywarestealertrojan

behavioral2

agentteslametastealerevasionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy