agenttesla | 0d4b0a4fefb90179721e44532b4ae843d02153a6194cc1f10e26eeb2b33ad867 | Triage

Submit
Reports

Overview

overview

Static

static

3

RFQGTM-24.00517.exe

windows7-x64

RFQGTM-24.00517.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

RFQGTM-24.00517.gz
Size

591KB
Sample

240112-sfeq3aacaj
MD5

1b047ac57353b359fe015e9b4f527b24
SHA1

ac3e60f5f811115eeb0009334c180327c22123a3
SHA256

0d4b0a4fefb90179721e44532b4ae843d02153a6194cc1f10e26eeb2b33ad867
SHA512

adac97771a56403bf91a2032312d71be43bb846058709e50da6281efe23125eb67b55a24e0019b1ec86fbb0c25cc0ec7f08d1d6f167a35a0715ae4c680f52711
SSDEEP

12288:uLSTX+o4Xc89gbNPZH2lUgTcmF7uFwx3N/4KBLrDxXwUg2zk1v:uSLd4XiNP4lUgTc5F4/4cTWUgsk1

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RFQGTM-24.00517.exe

Resource

win7-20231129-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQGTM-24.00517.exe

Resource

win10v2004-20231222-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.wrklearning.com
Port:
587
Username:
[email protected]
Password:
worke2300
Email To:
[email protected]

Targets

- Target
  
  RFQGTM-24.00517.exe
- Size
  
  636KB
- MD5
  
  9a9614c35b727e775b6caa76288f0cac
- SHA1
  
  6496488ab83f5a91a55836001fb112aece4e0fd3
- SHA256
  
  c2e5b26406d40a22506ea5af3faeb0cbd42bace40ce80e5c1d69b345b014f17c
- SHA512
  
  ee539a7072c5105e2bfd6f14f542ecae279883072a556ab52ac4f82e5658fd59aa6d1f7ecd2fc6b0651b4ac9dbe6296a03059046d6e163e32ec89d24791dbb0b
- SSDEEP
  
  12288:OeebOJgKkMa+RzjP3EUgX4QFNunwV3N/yWBLrTn0+0T5m1YW:Uegwa4jP3EUgX4Dne/ywDH0tkYW
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy