agenttesla | c29c56a3681fb8d2f46ca4e7070f088e2e7c8f8b11c3d4218c79b91778c3536e | Triage

Submit
Reports

Overview

overview

Static

static

3

SecuriteIn...08.exe

windows7-x64

SecuriteIn...08.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.PWSX-gen.23586.1908.exe
Size

776KB
Sample

231115-k9lgpsgg6x
MD5

9ca8294b417aefdaf42ebf524fa896b0
SHA1

b5c5182ac9949b9729e90edb921230504e6a8d33
SHA256

c29c56a3681fb8d2f46ca4e7070f088e2e7c8f8b11c3d4218c79b91778c3536e
SHA512

3e6d3e6cd34db549d46ad74bdca8828bb50299f737bd420f570a4d9325e436def75410c66ff0e61b31b6ce2b2ffcb57732be86dda2daa560ba4b86e76beef239
SSDEEP

12288:grrVZPYuPMlETIBgXTeGmspYXDvFz1uhV6iVNWtf4UE4g02TV6H8A9WBn:wrbjMfGmRXDF12V6iVNWRR9z

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.23586.1908.exe

Resource

win7-20231020-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.23586.1908.exe

Resource

win10v2004-20231023-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
merajlimited.com
Port:
587
Username:
[email protected]
Password:
Pa$$word786
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.23586.1908.exe
- Size
  
  776KB
- MD5
  
  9ca8294b417aefdaf42ebf524fa896b0
- SHA1
  
  b5c5182ac9949b9729e90edb921230504e6a8d33
- SHA256
  
  c29c56a3681fb8d2f46ca4e7070f088e2e7c8f8b11c3d4218c79b91778c3536e
- SHA512
  
  3e6d3e6cd34db549d46ad74bdca8828bb50299f737bd420f570a4d9325e436def75410c66ff0e61b31b6ce2b2ffcb57732be86dda2daa560ba4b86e76beef239
- SSDEEP
  
  12288:grrVZPYuPMlETIBgXTeGmspYXDvFz1uhV6iVNWtf4UE4g02TV6H8A9WBn:wrbjMfGmRXDF12V6iVNWRR9z
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy