agenttesla | 3815101c5ff661efe0addad4ecdbae6a838710ac790b0db369b405cd7ace3d05 | Triage

Submit
Reports

Overview

overview

Static

static

1

ALL THE DOCUMENTS.cmd

windows7-x64

7

ALL THE DOCUMENTS.cmd

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

3815101c5ff661efe0addad4ecdbae6a838710ac790b0db369b405cd7ace3d05
Size

767KB
Sample

231013-b7htcsbf68
MD5

fa7f8bc388dd31c888d91431bc70553f
SHA1

77ee8db37666a7d12d8b918347f9db90ac8132c1
SHA256

3815101c5ff661efe0addad4ecdbae6a838710ac790b0db369b405cd7ace3d05
SHA512

4ec3f5ba3b2055b2babfacffb6bfd8822f48ae77336852c19cc81493f7e677125e906fec495dceb28b7caafaffd58fbe361ec456a861a35963008eb30b531507
SSDEEP

12288:iPd+qmfNe1kq90URtf/Slb4pHnY1psBxdmSGhnMYgdYCSo8vMvNXWhYPZamQZ4Mp:Dq0N636URtfqlb4pHY1pv3MjHR8vM4hx

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ALL THE DOCUMENTS.cmd

Resource

win7-20230831-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ALL THE DOCUMENTS.cmd

Resource

win10v2004-20230915-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://files.000webhost.com
Port:
21
Username:
tain77
Password:
Computer@666

Targets

- Target
  
  ALL THE DOCUMENTS.cmd
- Size
  
  1016KB
- MD5
  
  0750a2dd5c352fa5aa490daa846b7134
- SHA1
  
  8711021d83d4e14b73f0f33563198d757770180d
- SHA256
  
  c23ff07c6515d3cf53fc1bc717923cf601bf61bc5f6d578bdfaaef907510ce18
- SHA512
  
  711fd8aa94dfccfbc36809aba1fc4f0c17c253df8226b2ebf8f5bdbeca540f7575fde88f0d7b4505a85954f55a6d3a7b580339cf533b92515eb1f90401ed8c27
- SSDEEP
  
  12288:JepGlcsoNthxjmjTe/6lglFpqRmjzeu1knuukdp2gJOv1h2/rCFUBer056vFNXU4:5csomjSmQpMAeuanufJYfFF45sX40fl
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy