agenttesla | fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

fb3985dc3b...4b.exe

windows7-x64

fb3985dc3b...4b.exe

windows10-2004-x64

Sharing

General

Target

fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b.exe
Size

545KB
Sample

231011-q74s6ada62
MD5

bea32ab4dc9d62c210300c9dbc587cf5
SHA1

0d5d35b6a241917f80430015f97a6e7bcb419943
SHA256

fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b
SHA512

7bc4f0b489e1bb9c50515a13a7909e7d5b0e1a45f6a8c706ac3f99296d0b4e48636964b14c7f7075ef81a6e261c6bd634ff9cf848699ffb4f7c2fd118320fc3f
SSDEEP

12288:6Ub+UwSvMMMDMMMWCUB1ysqCVTSK2k1m94SmCVN:lvMMMDMMMWCo1xlSK2kQ+6

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b.exe

Resource

win7-20230831-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b.exe

Resource

win10v2004-20230915-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.kbakr.com
Port:
587
Username:
[email protected]
Password:
blessings@@@
Email To:
[email protected]

Targets

- Target
  
  fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b.exe
- Size
  
  545KB
- MD5
  
  bea32ab4dc9d62c210300c9dbc587cf5
- SHA1
  
  0d5d35b6a241917f80430015f97a6e7bcb419943
- SHA256
  
  fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b
- SHA512
  
  7bc4f0b489e1bb9c50515a13a7909e7d5b0e1a45f6a8c706ac3f99296d0b4e48636964b14c7f7075ef81a6e261c6bd634ff9cf848699ffb4f7c2fd118320fc3f
- SSDEEP
  
  12288:6Ub+UwSvMMMDMMMWCUB1ysqCVTSK2k1m94SmCVN:lvMMMDMMMWCo1xlSK2kQ+6
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy