agenttesla | 1f9d1b268f67bc64c145ba149a9b0ecbce8e08d3d8149732b77022278089f97d | Triage

Submit
Reports

Overview

overview

Static

static

3

1f9d1b268f...7d.exe

windows7-x64

1f9d1b268f...7d.exe

windows10-2004-x64

Sharing

General

Target

1f9d1b268f67bc64c145ba149a9b0ecbce8e08d3d8149732b77022278089f97d
Size

819KB
Sample

230608-pwt9xaga9z
MD5

3e228a5e2511f4337cb453da1f7aa029
SHA1

8f15b8016c6c11f01d5e256561d9a95807800195
SHA256

1f9d1b268f67bc64c145ba149a9b0ecbce8e08d3d8149732b77022278089f97d
SHA512

dffad996d3be928b344e89558e9ebde9406cbfbe77cc6e4d4fcc232e7e92a08dad83f86b9280efdb914e8482ef1adfa83fe38630859d0a995ae2a935e81fdfb5
SSDEEP

12288:UsFbsfI8Z1gMFVobi/WS/DTOTH1D/4OP5s1C7H06uwx1Rfv2Nl58PXOdOgd:U0bsfI6dFqbI7s1DrP5q6uwlnG3

Score

10^/10

agenttesla collection evasion keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f9d1b268f67bc64c145ba149a9b0ecbce8e08d3d8149732b77022278089f97d.exe

Resource

win7-20230220-en

agenttesla evasion keylogger persistence spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f9d1b268f67bc64c145ba149a9b0ecbce8e08d3d8149732b77022278089f97d.exe

Resource

win10v2004-20230220-en

agenttesla collection evasion keylogger persistence spyware stealer trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5171883538:AAEyFWuNh68SJNNpkDCQbviRgrklZA3K4Qs/

Targets

- Target
  
  1f9d1b268f67bc64c145ba149a9b0ecbce8e08d3d8149732b77022278089f97d
- Size
  
  819KB
- MD5
  
  3e228a5e2511f4337cb453da1f7aa029
- SHA1
  
  8f15b8016c6c11f01d5e256561d9a95807800195
- SHA256
  
  1f9d1b268f67bc64c145ba149a9b0ecbce8e08d3d8149732b77022278089f97d
- SHA512
  
  dffad996d3be928b344e89558e9ebde9406cbfbe77cc6e4d4fcc232e7e92a08dad83f86b9280efdb914e8482ef1adfa83fe38630859d0a995ae2a935e81fdfb5
- SSDEEP
  
  12288:UsFbsfI8Z1gMFVobi/WS/DTOTH1D/4OP5s1C7H06uwx1Rfv2Nl58PXOdOgd:U0bsfI6dFqbI7s1DrP5q6uwlnG3
Score

10^/10

agenttesla evasion keylogger persistence spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionevasionkeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy