agenttesla | b3fbab4d8090fb6109b890d24c1e457db6e3f6bd5e17c6be2f2cb8448d53d5ab | Triage

Submit
Reports

Overview

overview

Static

static

3

002523699.exe

windows7-x64

002523699.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

002523699.exe
Size

692KB
Sample

230525-mxz6fahd64
MD5

438669903956588f4d2d38af36d8a576
SHA1

c11b8cd74cc94a355e52b1a7c3b847e826c3a6c6
SHA256

b3fbab4d8090fb6109b890d24c1e457db6e3f6bd5e17c6be2f2cb8448d53d5ab
SHA512

14393880718f2b005b16dcbef88c1a6a1d2452c2c0472fb6935c7986ca2233651f3e8eccd61dfd786a406f6aab8e5bee0cd51bd9cfeeced8fb8e403a33678346
SSDEEP

12288:8aWIm6lVvtzZBEP85HE19rt764nNwXWjdClE1JOjXFE6gtffEWtHEZmxG:RTmIt9BEP8JE/rveqdClE/g0tNBG

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

002523699.exe

Resource

win7-20230220-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

002523699.exe

Resource

win10v2004-20230220-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6277498666:AAH4URlmeSysUKKZG20OTvrve55BRMLEu_o/

Targets

- Target
  
  002523699.exe
- Size
  
  692KB
- MD5
  
  438669903956588f4d2d38af36d8a576
- SHA1
  
  c11b8cd74cc94a355e52b1a7c3b847e826c3a6c6
- SHA256
  
  b3fbab4d8090fb6109b890d24c1e457db6e3f6bd5e17c6be2f2cb8448d53d5ab
- SHA512
  
  14393880718f2b005b16dcbef88c1a6a1d2452c2c0472fb6935c7986ca2233651f3e8eccd61dfd786a406f6aab8e5bee0cd51bd9cfeeced8fb8e403a33678346
- SSDEEP
  
  12288:8aWIm6lVvtzZBEP85HE19rt764nNwXWjdClE1JOjXFE6gtffEWtHEZmxG:RTmIt9BEP8JE/rveqdClE/g0tNBG
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy