agenttesla | 9e9974fe3a20d29af7b844255b32c7b1fea7f0c7c0fae8b1b7fc3330e86f5b52 | Triage

Submit
Reports

Overview

overview

Static

static

9e9974fe3a...52.exe

windows7_x64

9e9974fe3a...52.exe

windows10-2004_x64

Sharing

General

Target

9e9974fe3a20d29af7b844255b32c7b1fea7f0c7c0fae8b1b7fc3330e86f5b52
Size

755KB
Sample

220414-pwn3wscag7
MD5

666925a5d370b82d8b3d930e81f80f27
SHA1

9a31ed86c0d51c9287b96770c0c320f6d198a926
SHA256

9e9974fe3a20d29af7b844255b32c7b1fea7f0c7c0fae8b1b7fc3330e86f5b52
SHA512

1af6ee18bbbf4930e90fa5a50ee300729833f9bbdf4bb385b4e6b08a6b91d3faf9a1e2d59466a08b4b6db4771dbb7e698981886a7707c7c7d2a7fe2361ad902b

Score

10^/10

agenttesla metastealer keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

9e9974fe3a20d29af7b844255b32c7b1fea7f0c7c0fae8b1b7fc3330e86f5b52.exe

Resource

win7-20220331-en

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9e9974fe3a20d29af7b844255b32c7b1fea7f0c7c0fae8b1b7fc3330e86f5b52.exe

Resource

win10v2004-20220331-en

agenttesla metastealer keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.orionfeshion.com
Port:
587
Username:
[email protected]
Password:
LiPwzbc5

Targets

- Target
  
  9e9974fe3a20d29af7b844255b32c7b1fea7f0c7c0fae8b1b7fc3330e86f5b52
- Size
  
  755KB
- MD5
  
  666925a5d370b82d8b3d930e81f80f27
- SHA1
  
  9a31ed86c0d51c9287b96770c0c320f6d198a926
- SHA256
  
  9e9974fe3a20d29af7b844255b32c7b1fea7f0c7c0fae8b1b7fc3330e86f5b52
- SHA512
  
  1af6ee18bbbf4930e90fa5a50ee300729833f9bbdf4bb385b4e6b08a6b91d3faf9a1e2d59466a08b4b6db4771dbb7e698981886a7707c7c7d2a7fe2361ad902b
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan metastealer
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslametastealerkeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy