agenttesla | 8c7efed8c12db6a810810197cbad0da9e66457a01bf04edebe871f6406425803 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

IMG_4517053111.zip

windows10-1703-x64

Sharing

General

Target

IMG_4517053111.zip
Size

5.8MB
Sample

231123-kc5t3sgf94
MD5

fc54dae351501f1bae4b44a538fc785d
SHA1

60c766aa647a01adc67337acb932246b2aad567b
SHA256

8c7efed8c12db6a810810197cbad0da9e66457a01bf04edebe871f6406425803
SHA512

c22eb6cef1638449043c38b31b38f23b89aa516a54e5468fcbb4a90c8495aa77a967b615cc9df1bef10dfc80c31f9f85b035aa54f2a1c0c3ca3218bb6d462871
SSDEEP

98304:DiJRkYMienogByD2GlkhNV2VvQuK9at5g6CinwBnXSmVNBAKOHE5wq0L8O:ARkYMHpk2GlkNVgQAfdCiwRiOP9nU7

Score

10^/10

agenttesla vjw0rm keylogger spyware stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

IMG_4517053111.zip

Resource

win10-20231020-en

agenttesla vjw0rm keylogger spyware stealer trojan worm

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6811423600:AAG2aeIaNsb7KhtKp1Js71i-PwGY1zN7uIg/

Targets

- Target
  
  IMG_4517053111.zip
- Size
  
  5.8MB
- MD5
  
  fc54dae351501f1bae4b44a538fc785d
- SHA1
  
  60c766aa647a01adc67337acb932246b2aad567b
- SHA256
  
  8c7efed8c12db6a810810197cbad0da9e66457a01bf04edebe871f6406425803
- SHA512
  
  c22eb6cef1638449043c38b31b38f23b89aa516a54e5468fcbb4a90c8495aa77a967b615cc9df1bef10dfc80c31f9f85b035aa54f2a1c0c3ca3218bb6d462871
- SSDEEP
  
  98304:DiJRkYMienogByD2GlkhNV2VvQuK9at5g6CinwBnXSmVNBAKOHE5wq0L8O:ARkYMHpk2GlkNVgQAfdCiwRiOP9nU7
Score

10^/10

agenttesla vjw0rm keylogger spyware stealer trojan worm
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslavjw0rmkeyloggerspywarestealertrojanworm

© 2018-2025

Terms | Privacy