agenttesla | 7a387acbd5bb25530813087436b2207051b361ae1e6d32f451958732cdb3b7f4 | Triage

Submit
Reports

Overview

overview

Static

static

3

SecuriteIn...41.exe

windows7-x64

SecuriteIn...41.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.PWSX-gen.19641.24362
Size

614KB
Sample

240125-lmqzcadgfl
MD5

ebb3d46dcc300a4959e5593802fa8593
SHA1

afb3a6e97cbfa865e7f9a3bc86612ce228459f1a
SHA256

7a387acbd5bb25530813087436b2207051b361ae1e6d32f451958732cdb3b7f4
SHA512

c789be8f1d7b3ede896ae8236f4fd608ca94b40e225091cc06032c8696e6ed760e90e71f7e6a20d9ea0ae21ae0d5282e5cd82708d5327152d90c66a9b5ea8200
SSDEEP

12288:PU3YdsfPWad4abtOrgU+h5A595HecbQvOYVcNifk/cAR:PJOGadhROr1lxFEG6cs

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.19641.exe

Resource

win7-20231129-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.19641.exe

Resource

win10v2004-20231215-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.wasstech.com
Port:
587
Username:
[email protected]
Password:
Sunray2700@@
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.19641.24362
- Size
  
  614KB
- MD5
  
  ebb3d46dcc300a4959e5593802fa8593
- SHA1
  
  afb3a6e97cbfa865e7f9a3bc86612ce228459f1a
- SHA256
  
  7a387acbd5bb25530813087436b2207051b361ae1e6d32f451958732cdb3b7f4
- SHA512
  
  c789be8f1d7b3ede896ae8236f4fd608ca94b40e225091cc06032c8696e6ed760e90e71f7e6a20d9ea0ae21ae0d5282e5cd82708d5327152d90c66a9b5ea8200
- SSDEEP
  
  12288:PU3YdsfPWad4abtOrgU+h5A595HecbQvOYVcNifk/cAR:PJOGadhROr1lxFEG6cs
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy