agenttesla | 84b3cfe305ad7e588e874960d21ed6fc728d0fcec8b354519193189c2831de36 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

40e21dd316...0f.exe

windows7-x64

40e21dd316...0f.exe

windows10-2004-x64

Sharing

General

Target

40e21dd3164606941550fca4b1577f0f
Size

559KB
Sample

240104-pvpb9saca3
MD5

40e21dd3164606941550fca4b1577f0f
SHA1

dbbbc776cb33d629afe7d154339650d7b9535289
SHA256

84b3cfe305ad7e588e874960d21ed6fc728d0fcec8b354519193189c2831de36
SHA512

3c92501e097e08675b54f4cc028655de8e0cba23b5559be7b55519403a55d481f1365f5ac55d53047b42ddf77e1cb2abd9ce0679da67c741a3b21c59a6416181
SSDEEP

12288:jG4Bcf5JJ4mGDtUG3MwJb7qBMOgsJLUBwggkPp:jG40t4mUnMwJCws

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

40e21dd3164606941550fca4b1577f0f.exe

Resource

win7-20231129-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

40e21dd3164606941550fca4b1577f0f.exe

Resource

win10v2004-20231215-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.tractorandinas.com/
Port:
21
Username:
[email protected]
Password:
~P*xO7vPBc-o

Targets

- Target
  
  40e21dd3164606941550fca4b1577f0f
- Size
  
  559KB
- MD5
  
  40e21dd3164606941550fca4b1577f0f
- SHA1
  
  dbbbc776cb33d629afe7d154339650d7b9535289
- SHA256
  
  84b3cfe305ad7e588e874960d21ed6fc728d0fcec8b354519193189c2831de36
- SHA512
  
  3c92501e097e08675b54f4cc028655de8e0cba23b5559be7b55519403a55d481f1365f5ac55d53047b42ddf77e1cb2abd9ce0679da67c741a3b21c59a6416181
- SSDEEP
  
  12288:jG4Bcf5JJ4mGDtUG3MwJb7qBMOgsJLUBwggkPp:jG40t4mUnMwJCws
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy