agenttesla | 89585c44076c1387bf8da92c5d514c39fa02ddd3accb6f548d1b92acfe78ff20 | Triage

Submit
Reports

Overview

overview

Static

static

3

Certificate.exe

windows7-x64

Certificate.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Certificate.Pdf.z
Size

289KB
Sample

230613-lse42aff67
MD5

43c9cc8180d63c88d536341a0e7ac005
SHA1

bd18611819119b7648c6d5f985519324b3904fab
SHA256

89585c44076c1387bf8da92c5d514c39fa02ddd3accb6f548d1b92acfe78ff20
SHA512

cf74e70038977eae1d65ab001f6c9ec70175f336bcd8aa3d5b5effaeaad3bef703a11cd87240633d8e01296450f8933ae13fa02521f02a5257ac78205b6fd1c1
SSDEEP

6144:CNLOLsv0KhjNRgpZqMuHLabZprN4SIBZByD3vcD9QtdyIbbg:uLx0KhjXuZuanyT+DknYg

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Certificate.exe

Resource

win7-20230220-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Certificate.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  Certificate.exe
- Size
  
  331KB
- MD5
  
  91697062207628ac69072dfa42c0b59d
- SHA1
  
  3900d82634526d2701f6febe4975f8ac84b56a4b
- SHA256
  
  6631aace38dd7550a1a18350a43606bc2eb26380cc99fd6acafdf75f226498bb
- SHA512
  
  4bb68522386ca17a580f2667fcfcdf823d0a3b44ad069034208c77966d4dccfc84c30735a3940649eb5a9e1a91894f1aad1b26943f7cf4cf20e45036de1785c9
- SSDEEP
  
  6144:wYa6R3QL/klDalb8eNatTpTemlJtu1lXLS7wAW6MhEt1LC:wYH3No8/TpT5xuu3W6zt1LC
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy