agenttesla | 1068cb29f89d81ad0348c72c63a90588f35b9a520e57764daeed44dc22192c1a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

6hDkZtFd2S.exe

windows7-x64

6hDkZtFd2S.exe

windows10-2004-x64

8

Sharing

General

Target

6hDkZtFd2S.exe
Size

1.1MB
Sample

230313-qmsv6ace8z
MD5

21377e758f4ee739965642b393f13fe8
SHA1

edbfaed7cac6642cce909d18f8ee07aec722d874
SHA256

1068cb29f89d81ad0348c72c63a90588f35b9a520e57764daeed44dc22192c1a
SHA512

39f55734563fdbae2600f53bf07a68c450e76668517b25332d4f7672fc7e0409514cba19fe9fa2f01a140fb8973a95467b64e5e4b3d05400efdc8bf64a363d67
SSDEEP

12288:3bq7bcal64fG2Ms7cfl9/C8JAP2f3wBt6UQEM7ef7OB8GFX0w2WbmjoaTRgkSlTF:+fKWM82faZ4gJSGCiNOyjgT7PVf

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6hDkZtFd2S.exe

Resource

win7-20230220-en

agenttesla keylogger persistence spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

6hDkZtFd2S.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.kumbarasigorta.com
Port:
587
Username:
[email protected]
Password:
123@Kumbarasigorta
Email To:
[email protected]

Targets

- Target
  
  6hDkZtFd2S.exe
- Size
  
  1.1MB
- MD5
  
  21377e758f4ee739965642b393f13fe8
- SHA1
  
  edbfaed7cac6642cce909d18f8ee07aec722d874
- SHA256
  
  1068cb29f89d81ad0348c72c63a90588f35b9a520e57764daeed44dc22192c1a
- SHA512
  
  39f55734563fdbae2600f53bf07a68c450e76668517b25332d4f7672fc7e0409514cba19fe9fa2f01a140fb8973a95467b64e5e4b3d05400efdc8bf64a363d67
- SSDEEP
  
  12288:3bq7bcal64fG2Ms7cfl9/C8JAP2f3wBt6UQEM7ef7OB8GFX0w2WbmjoaTRgkSlTF:+fKWM82faZ4gJSGCiNOyjgT7PVf
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy