agenttesla | ffd22ff93a2dcc371fd090f4855494e14ebdd61fbd1c4995a31b3dfb74bade9b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

952KB
Sample

230316-meyjwscf4s
MD5

9dd97b3380058856a357c1f1185459e5
SHA1

03265ace06f8556bc9778f6ec9a7d41f25aa1544
SHA256

ffd22ff93a2dcc371fd090f4855494e14ebdd61fbd1c4995a31b3dfb74bade9b
SHA512

cef0de270220546566cb4097ae370402209ad4955959356a9c271dcda751d7ae183e82a155de4d6ea1530be765709b27607adce615581c9d0b444c494c02697e
SSDEEP

24576:vq2JThA+pEWsz5VrPH4BpvpiFDqlWUu5rVwHz:v/FSaRsDzYBvuWsU

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230221-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.huiijingco.com
Port:
587
Username:
[email protected]
Password:
lNLUrZT2

Targets

- Target
  
  tmp
- Size
  
  952KB
- MD5
  
  9dd97b3380058856a357c1f1185459e5
- SHA1
  
  03265ace06f8556bc9778f6ec9a7d41f25aa1544
- SHA256
  
  ffd22ff93a2dcc371fd090f4855494e14ebdd61fbd1c4995a31b3dfb74bade9b
- SHA512
  
  cef0de270220546566cb4097ae370402209ad4955959356a9c271dcda751d7ae183e82a155de4d6ea1530be765709b27607adce615581c9d0b444c494c02697e
- SSDEEP
  
  24576:vq2JThA+pEWsz5VrPH4BpvpiFDqlWUu5rVwHz:v/FSaRsDzYBvuWsU
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy