agenttesla | 96b3d5d0c076c995584f609bf2221cadec07da6fe45a3680bd55a7fdfc4dd6b5 | Triage

Submit
Reports

Overview

overview

Static

static

3

4c98e73ad9...72.exe

windows7-x64

4c98e73ad9...72.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b419d8724f97769becff1367e8b53966.bin
Size

626KB
Sample

231126-cccvased91
MD5

0a752dc00b8edc37b54e4a2398b67f3d
SHA1

5889ba4c25ceebe5d62bddda6eeabf76842b6ae8
SHA256

96b3d5d0c076c995584f609bf2221cadec07da6fe45a3680bd55a7fdfc4dd6b5
SHA512

b20deb5ed8ed332235a476a358edb81b5bc87606e4aacf7fcad80c9228e378b7f3631ec9648129cf83e908ddaa5d9f4c254de26512ebd0c3f2b3dc778b46bc71
SSDEEP

12288:Q1wdkbHHRdAJs8f6/fMuF4yx3buuUdghSUnnlTX51dwtmJHkrWL2B0KXhCX:Q1tHkDsMuFP3b9ugdtX51/JzL2BdxG

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4c98e73ad9fc8d3a97d2bf372165d819c2c9db0fcf1e0fafb742749dc0392a72.exe

Resource

win7-20231020-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c98e73ad9fc8d3a97d2bf372165d819c2c9db0fcf1e0fafb742749dc0392a72.exe

Resource

win10v2004-20231023-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.acestar.com.ph
Port:
587
Username:
[email protected]
Password:
cssubic@12345
Email To:
[email protected]

Targets

- Target
  
  4c98e73ad9fc8d3a97d2bf372165d819c2c9db0fcf1e0fafb742749dc0392a72.exe
- Size
  
  680KB
- MD5
  
  b419d8724f97769becff1367e8b53966
- SHA1
  
  58765b51bf6ebee89b085dda047f06ab106b3cbd
- SHA256
  
  4c98e73ad9fc8d3a97d2bf372165d819c2c9db0fcf1e0fafb742749dc0392a72
- SHA512
  
  d2ffcd6795c7a27ec447db34215ae7112bb535173fa0a05625e901ce1565312445ebc6cfdecce2fd2466a911a1e1b87bfd0f28d672fb97a771a62b333b71be62
- SSDEEP
  
  12288:AE6jD/9P5z5gF31Y7BBnuwVl2aUBR9aD/TZTXVKCTENz:AtD/9PhSF3Utz2F9aDdLUcEN
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy