agenttesla | 819416c754bbaedea5b79af75d1cc4722e5b1ce1457584a7a39eb38d0d955f95 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

c6e74929d1...f2.exe

windows7-x64

c6e74929d1...f2.exe

windows10-2004-x64

Sharing

General

Target

c7bc4f44e279307955bc109deac55204.bin
Size

533KB
Sample

230505-x9a27ahe98
MD5

8bd6c821a4bb219d48619697d27c8f86
SHA1

dd56312abe633eb3a71c06fb3e730e7a6fbf052c
SHA256

819416c754bbaedea5b79af75d1cc4722e5b1ce1457584a7a39eb38d0d955f95
SHA512

629296d3cd8f91b43f0062c020b5c46b356961cce53f1d59d628c196af5ab3dda032039da72fd497ab73f60121283605e7d8a13ec7c28ebef8f45c095efa2015
SSDEEP

12288:XFBMaPyP9wYFf1x0Ld/yk32DeFT6bztJFCxrBwstQLrg:1+aA9FmLAPG6H2wsP

Score

10^/10

agenttesla redline collection infostealer keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2.exe

Resource

win7-20230220-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2.exe

Resource

win10v2004-20230220-en

agenttesla redline collection infostealer keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
JUGCRsm9
Email To:
[email protected]

Targets

- Target
  
  c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2.exe
- Size
  
  656KB
- MD5
  
  c7bc4f44e279307955bc109deac55204
- SHA1
  
  462ba319aef5f2077d86282bbde6b8d71afe72ca
- SHA256
  
  c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2
- SHA512
  
  6e4477af961e05923b7580a36aa2998d6c705e4431fc7c90701de33d50f040d94ec056826e5248a0d2895dde618f25dabdfb95c5f623ef5aca87bc824a081270
- SSDEEP
  
  12288:DQdi+j8KQq/flRRoF/H1JrgKY1kdrdJwAYaTpel9tGQOFaV:QRj8ytoF/VeSLJw+TpertGQOFaV
Score

10^/10

agenttesla collection keylogger spyware stealer trojan redline infostealer
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslaredlinecollectioninfostealerkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy