agenttesla | a13818c085ae6a086b8020857d505758c9a4be67da60651ed90cbbd0aac2fd60 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

f350ead728...e4.exe

windows7-x64

f350ead728...e4.exe

windows10-2004-x64

Sharing

General

Target

f350ead728719718a5656299b43adbe4
Size

648KB
Sample

231222-t27veaghdj
MD5

f350ead728719718a5656299b43adbe4
SHA1

8ba8ed7a1e1ed7cd5ff2d5c7b225d16b5ab88128
SHA256

a13818c085ae6a086b8020857d505758c9a4be67da60651ed90cbbd0aac2fd60
SHA512

d847f81689ebf26a5027d43339da98ce8495cbb40ee3487efc95d2ece6ffc8582e7f44426aa658d68d3e16e84d93d5bec75db17cab22c6fdcd05e00e6c0f0cdf
SSDEEP

12288:V53vR9uboUZLCYROqqBp87sVn+1PB9j7Ht9nR:V5Z92oU/UNiO+1PLtT

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f350ead728719718a5656299b43adbe4.exe

Resource

win7-20231215-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f350ead728719718a5656299b43adbe4.exe

Resource

win10v2004-20231215-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://files.000webhost.com/
Port:
21
Username:
zinco
Password:
computer147

Targets

- Target
  
  f350ead728719718a5656299b43adbe4
- Size
  
  648KB
- MD5
  
  f350ead728719718a5656299b43adbe4
- SHA1
  
  8ba8ed7a1e1ed7cd5ff2d5c7b225d16b5ab88128
- SHA256
  
  a13818c085ae6a086b8020857d505758c9a4be67da60651ed90cbbd0aac2fd60
- SHA512
  
  d847f81689ebf26a5027d43339da98ce8495cbb40ee3487efc95d2ece6ffc8582e7f44426aa658d68d3e16e84d93d5bec75db17cab22c6fdcd05e00e6c0f0cdf
- SSDEEP
  
  12288:V53vR9uboUZLCYROqqBp87sVn+1PB9j7Ht9nR:V5Z92oU/UNiO+1PLtT
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy