agenttesla | bcdf684939411112be33475b5422edf1f6b8219b0f1b786e1ad222d2ebbca6c1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

a2ed4963df...86.exe

windows7-x64

a2ed4963df...86.exe

windows10-2004-x64

Sharing

General

Target

a2ed4963dfd45090c2112b7ba2422f86.exe
Size

453KB
Sample

240107-yawqaadfa2
MD5

a2ed4963dfd45090c2112b7ba2422f86
SHA1

2bcef9993ffb483d5b7a8d482c00d33c71a28a02
SHA256

bcdf684939411112be33475b5422edf1f6b8219b0f1b786e1ad222d2ebbca6c1
SHA512

57891e845c2dcaf071ef6e5bae4a6cbb93789f563d84481d1447d4c36aa9f4f13f9d32d743672d8dcd293c1129c2f14e23804f7a19aaa8e0a3e9378e04b4d911
SSDEEP

6144:2Eul21llAVOCt6ZJJbrr8pMnGdBI+cHGBJqaavKrfO2zPmuliN63z3BlO:WEiCtIKGdBIjqJWKqpugN63H

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a2ed4963dfd45090c2112b7ba2422f86.exe

Resource

win7-20231215-en

agenttesla keylogger spyware stealer trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2ed4963dfd45090c2112b7ba2422f86.exe

Resource

win10v2004-20231215-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.mohhg.com
Port:
587
Username:
[email protected]
Password:
r:1{cNw4}vJc

Targets

- Target
  
  a2ed4963dfd45090c2112b7ba2422f86.exe
- Size
  
  453KB
- MD5
  
  a2ed4963dfd45090c2112b7ba2422f86
- SHA1
  
  2bcef9993ffb483d5b7a8d482c00d33c71a28a02
- SHA256
  
  bcdf684939411112be33475b5422edf1f6b8219b0f1b786e1ad222d2ebbca6c1
- SHA512
  
  57891e845c2dcaf071ef6e5bae4a6cbb93789f563d84481d1447d4c36aa9f4f13f9d32d743672d8dcd293c1129c2f14e23804f7a19aaa8e0a3e9378e04b4d911
- SSDEEP
  
  6144:2Eul21llAVOCt6ZJJbrr8pMnGdBI+cHGBJqaavKrfO2zPmuliN63z3BlO:WEiCtIKGdBIjqJWKqpugN63H
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy