agenttesla | 48b8a0489b885816b349cfbd4987202cccb6df63957e024923273215a739a810 | Triage

Submit
Reports

Overview

overview

Static

static

LASVIT-210...92.exe

windows7-x64

LASVIT-210...92.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

9a84bce4ebb178bb6941a890eb498d37bcdc38002049c92026e9de5d019b8b87.zip
Size

663KB
Sample

220921-sv8yfsgeh3
MD5

18ae382260b2d677881db6865177016b
SHA1

0870024b0b0b77406f6007f45f15145fba9b62cc
SHA256

48b8a0489b885816b349cfbd4987202cccb6df63957e024923273215a739a810
SHA512

9eba1c337f736c87cf6e9c140d2d183734232d3b07daca250c4943fa05c0f58ab06dbc7c4a2ea877824b74f7698135ebc4b55ff7601d5c100a9528f5faeeb9e0
SSDEEP

12288:elFWCe+nHdx84q9aH280kW2ITKUKVNcZusN1MjKzuaPFyk2:elFAKHP845B0ka/KV+FN1MmuYFU

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

LASVIT-210922-E011782092.exe

Resource

win7-20220812-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

LASVIT-210922-E011782092.exe

Resource

win10v2004-20220812-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.hdconstruct.ro/
Port:
21
Username:
[email protected]
Password:
5R)XZ2Xqis2HZ7p[d6+Oe!0i^C85CQ]uD68jNN@ossy~wH-(ie^9O2(001174?skX%ouFto

Targets

- Target
  
  LASVIT-210922-E011782092.exe
- Size
  
  665KB
- MD5
  
  fa4b3bedfeaa2afb11d8e10df2b13464
- SHA1
  
  5cba78d33669dfed8fb15c9fbe3ef131e304fa27
- SHA256
  
  d31cf84c72885dd1108abe0ad6a88776d4650ffc073556a334b8c4fba98376c0
- SHA512
  
  dcfddc6f1d96ffd01db5724e0f0a66e6c223af7fb080ef3315033ec8d8197bad10133bcabe0fe2f0c8d6ed57a9958f963196d593386eeee0e77a4cbd1baa3081
- SSDEEP
  
  6144:uHc7foqMtH3visHHAH188II+M3gW6g3PAo4MfuPkla2Kgfy4E/bl4Q9atpQNu5I7:oc7fqpHHHAH1FIIdEMrWPkXKSyOw3ok
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy