agenttesla | fe6c0382f552acc39f0c6c3a2d902c74073cf00e991299a3893a01f6d3bbea72 | Triage

Submit
Reports

Overview

overview

Static

static

3

593c1796ac...30.exe

windows7-x64

593c1796ac...30.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

593c1796ac0533ce256b6ecf30a01a30
Size

1.2MB
Sample

240113-vf5zcsdfe3
MD5

593c1796ac0533ce256b6ecf30a01a30
SHA1

5c1fb0f5247e94288ebba13d397de9ef433c8a1c
SHA256

fe6c0382f552acc39f0c6c3a2d902c74073cf00e991299a3893a01f6d3bbea72
SHA512

7ab6e62c7c58e34eedf304701be199f3a1aa957dcf7f502d34a7229fac2364c3e7cfcaa547ce8671c2bcd7c7a8cd7b4da3bc97f33c71103d52bdb454ca6b9311
SSDEEP

24576:mYcsCmrF22OsBgo0q4wMz6d/HfDjLKnHQgd5:mn/oHMzgjgH3

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

593c1796ac0533ce256b6ecf30a01a30.exe

Resource

win7-20231129-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

593c1796ac0533ce256b6ecf30a01a30.exe

Resource

win10v2004-20231215-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server291.web-hosting.com
Port:
587
Username:
[email protected]
Password:
riches22@123456

Targets

- Target
  
  593c1796ac0533ce256b6ecf30a01a30
- Size
  
  1.2MB
- MD5
  
  593c1796ac0533ce256b6ecf30a01a30
- SHA1
  
  5c1fb0f5247e94288ebba13d397de9ef433c8a1c
- SHA256
  
  fe6c0382f552acc39f0c6c3a2d902c74073cf00e991299a3893a01f6d3bbea72
- SHA512
  
  7ab6e62c7c58e34eedf304701be199f3a1aa957dcf7f502d34a7229fac2364c3e7cfcaa547ce8671c2bcd7c7a8cd7b4da3bc97f33c71103d52bdb454ca6b9311
- SSDEEP
  
  24576:mYcsCmrF22OsBgo0q4wMz6d/HfDjLKnHQgd5:mn/oHMzgjgH3
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy