agenttesla | dc81a155bca43adb1d475e96a712aec99c5cd933d55062157865a23700c9df29 | Triage

Submit
Reports

Overview

overview

Static

static

3

Statement ...nt.exe

windows7-x64

Statement ...nt.exe

windows10-2004-x64

Sharing

General

Target

Statement of Account.zip
Size

359KB
Sample

230707-j8er4afh48
MD5

5e30efea16c85ce2552a812f4d3fdb13
SHA1

4bfc66ca10c396c1c6ed64888dafe1f3baf5005a
SHA256

dc81a155bca43adb1d475e96a712aec99c5cd933d55062157865a23700c9df29
SHA512

ad062cac929af600475544b31649911f6337b17bd7a27233c0a5b4f72665912756398ccd52adc3c1f41fd4e0c5c067eeb0497dd79e64663836c4f4c10c6cc9ef
SSDEEP

6144:UpU8PL+u+LgocAYPWu8U+dxEmasuxiPznz8Y65R10YLKuxu9Z3nhPmIZOKkSH8Gu:OPLl7AYuu83dWsLLzgH172uxu9Zns2d+

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Statement of Account.exe

Resource

win7-20230703-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Statement of Account.exe

Resource

win10v2004-20230703-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Statement of Account.exe
- Size
  
  374KB
- MD5
  
  d63fd2dc2789389acc18b3692ee74fb3
- SHA1
  
  93aab7603ca6b92ca30633fff678e705b4a78161
- SHA256
  
  0a8f6e16fbacee3c0e929af360aab8f396937f31ebd07344f0ac295465071b45
- SHA512
  
  87688f239f9e06b7ddd5ebfd128c05a354126ea1640a95588c13e7a6376de78a0dd698294318f20adbd35a09ad0a5d203425cd9175bfb3dc8c5d673061154bed
- SSDEEP
  
  6144:vYa6paKA2ZWu8Q+dxEqasuxi7znzyA6RR1+YLCkxy9B3nhP6INOKkS/aGo56H3h:vYraKA2ou8LdksLXzIf1Zmkxy9BnkMZ1
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy