agenttesla | 8eb1f5551a27d2fe1366393c4fc787ebf70dd0d394e1d229bd8a5ba34f418bb3 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

8eb1f5551a27d2fe1366393c4fc787ebf70dd0d394e1d229bd8a5ba34f418bb3
Size

807KB
Sample

230525-slmzmabe4w
MD5

4b62cded4bd964e8d53d3787e4c35e74
SHA1

b76cf14bdaf01ea6139603ca2f236191e1585980
SHA256

8eb1f5551a27d2fe1366393c4fc787ebf70dd0d394e1d229bd8a5ba34f418bb3
SHA512

a0316cf29230926eeed07cef2de4dd99a07886b81cef95060eeb8e0072d1f4240e4130e2c94f9d6369a0fa0badb881199e2fba4c2103f7d80c29b6b513367f57
SSDEEP

12288:rk5FKCbLN0TH93TsFad92nPDo8kV3z7fPyscC6Qm0CiTB2Qw:Y/DeHNTsFnnNafP/xRX

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8eb1f5551a27d2fe1366393c4fc787ebf70dd0d394e1d229bd8a5ba34f418bb3.exe

Resource

win10v2004-20230220-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/

Targets

- Target
  
  8eb1f5551a27d2fe1366393c4fc787ebf70dd0d394e1d229bd8a5ba34f418bb3
- Size
  
  807KB
- MD5
  
  4b62cded4bd964e8d53d3787e4c35e74
- SHA1
  
  b76cf14bdaf01ea6139603ca2f236191e1585980
- SHA256
  
  8eb1f5551a27d2fe1366393c4fc787ebf70dd0d394e1d229bd8a5ba34f418bb3
- SHA512
  
  a0316cf29230926eeed07cef2de4dd99a07886b81cef95060eeb8e0072d1f4240e4130e2c94f9d6369a0fa0badb881199e2fba4c2103f7d80c29b6b513367f57
- SSDEEP
  
  12288:rk5FKCbLN0TH93TsFad92nPDo8kV3z7fPyscC6Qm0CiTB2Qw:Y/DeHNTsFnnNafP/xRX
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy