agenttesla | bc16d3bbd177cb05ba8951e898d56c2c1f8969274579e9f33e3b0c76b8ff9c7a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

SOA 9206174.exe

windows7-x64

SOA 9206174.exe

windows10-2004-x64

3

Resubmissions

22/03/2023, 07:33 UTC

230322-jdt9asfe42 10

22/03/2023, 07:02 UTC

230322-htsjzahc8t 10

Sharing

General

Target

SOA 9206174.zip
Size

430KB
Sample

230322-jdt9asfe42
MD5

569d86839920600f3e27d9060891b9f2
SHA1

5a515e25976db8854c866a2cf5861c4099ec9ee0
SHA256

bc16d3bbd177cb05ba8951e898d56c2c1f8969274579e9f33e3b0c76b8ff9c7a
SHA512

f3930d2806b5abb4675053c518d04f66d87eb19d44e52cce4e3ffa5b15887f90354249affa280c22b0741c4fc53911c89e09a7e989ffff102d855f9ecf3e564c
SSDEEP

12288:V9Vv0gUO0EuTICaXPc3DxK3XGbXZ0gDcVGDVHZ:V9R1Ug1X+sCp0acVIV5

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SOA 9206174.exe

Resource

win7-20230220-en

agenttesla keylogger persistence spyware stealer trojan

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

SOA 9206174.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

300 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.flash-tours.gr
Port:
587
Username:
info@flash-tours.gr
Password:
abcdef7890!#%&(
Email To:
officestore2022@gmail.com

Targets

- Target
  
  SOA 9206174.exe
- Size
  
  457KB
- MD5
  
  aab0efeffaee8ccddd956b602002217d
- SHA1
  
  7e926e8ffc86deb65dfacd5c698134ca42dc78ac
- SHA256
  
  00d8ac72e19602b0978ccc378c7e2cca282573db5bbf63d792438bee8d98cb49
- SHA512
  
  968c45cae94960cf68b6263820fe44122b03270b5199c88ec7dcdc531941346a195c1c03c33c7372aa33ae02c169a432f225464e8578405d0ad4ef4b5d78c489
- SSDEEP
  
  12288:LS9gOrY+/Vtrc3x8yLcJOzgMZbYZ0OY+zVGziaAUPrC:LS95TdIKyI8zgM+0gVsPAUP
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.