agenttesla | 44f3e7854ea6963412d6040957bfc7f8b753858abf9a0b84be9d8068463209ff | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

44f3e7854ea6963412d6040957bfc7f8b753858abf9a0b84be9d8068463209ff
Size

979KB
Sample

221007-lky7yaccej
MD5

62aa2ba22a447fb2b167cc65732ceeab
SHA1

ead9b7a1fdad674dcfdcd539cf07176d51bdf6bf
SHA256

44f3e7854ea6963412d6040957bfc7f8b753858abf9a0b84be9d8068463209ff
SHA512

544a44a6de876e4a4676ac75d03677145b4c82abd6efee7a8e738e6f94d297c14dd8cb7a1d992f824985a57db9e86769b4761adcbeacc2fd108e88c9f61e5896
SSDEEP

12288:f2iNtJ2uteZsTOgXFyYyBBf2LVRw5sjno0lldYI:f1MWeZs/XFABBf2LVxjoS7YI

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

44f3e7854ea6963412d6040957bfc7f8b753858abf9a0b84be9d8068463209ff.exe

Resource

win10-20220812-en

agenttesla collection keylogger spyware stealer trojan

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.valvulasthermovalve.cl
Port:
21
Username:
[email protected]
Password:
LILKOOLL14!!

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.valvulasthermovalve.cl/
Port:
21
Username:
[email protected]
Password:
LILKOOLL14!!

Targets

- Target
  
  44f3e7854ea6963412d6040957bfc7f8b753858abf9a0b84be9d8068463209ff
- Size
  
  979KB
- MD5
  
  62aa2ba22a447fb2b167cc65732ceeab
- SHA1
  
  ead9b7a1fdad674dcfdcd539cf07176d51bdf6bf
- SHA256
  
  44f3e7854ea6963412d6040957bfc7f8b753858abf9a0b84be9d8068463209ff
- SHA512
  
  544a44a6de876e4a4676ac75d03677145b4c82abd6efee7a8e738e6f94d297c14dd8cb7a1d992f824985a57db9e86769b4761adcbeacc2fd108e88c9f61e5896
- SSDEEP
  
  12288:f2iNtJ2uteZsTOgXFyYyBBf2LVRw5sjno0lldYI:f1MWeZs/XFABBf2LVxjoS7YI
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy