agenttesla | ddfa7fe7c01cfa34c2413acc83e9f11eace8bc09e80128da2b5e2e61284df9ff | Triage

Submit
Reports

Overview

overview

Static

static

3

7bda5add0d...fb.exe

windows7-x64

7bda5add0d...fb.exe

windows10-2004-x64

Sharing

General

Target

7bda5add0d4ba2c5b1810e9f44a6c6fb
Size

1017KB
Sample

240128-cdd4raagcp
MD5

7bda5add0d4ba2c5b1810e9f44a6c6fb
SHA1

857ec2f81068823ea37da355fa8fef8396230eac
SHA256

ddfa7fe7c01cfa34c2413acc83e9f11eace8bc09e80128da2b5e2e61284df9ff
SHA512

f39060cc82a5d3ad738ca362406494fd1c7fdb7bc352c67a3f9f77cdc13a4f74a5464f1f226f9f08ecf75f9358955e28c2199bd676d8b99ad1b9b760b63435ce
SSDEEP

12288:5SUkOyTh0sQQ3XFkdhhgxw56hHb4ApqblAOnGh:5lrRLQnOJgsKMAAxG

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7bda5add0d4ba2c5b1810e9f44a6c6fb.exe

Resource

win7-20231129-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7bda5add0d4ba2c5b1810e9f44a6c6fb.exe

Resource

win10v2004-20231215-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.northsrockusa.com/
Port:
21
Username:
info@northsrockusa.com
Password:
(P%T2swlhOf}

Targets

- Target
  
  7bda5add0d4ba2c5b1810e9f44a6c6fb
- Size
  
  1017KB
- MD5
  
  7bda5add0d4ba2c5b1810e9f44a6c6fb
- SHA1
  
  857ec2f81068823ea37da355fa8fef8396230eac
- SHA256
  
  ddfa7fe7c01cfa34c2413acc83e9f11eace8bc09e80128da2b5e2e61284df9ff
- SHA512
  
  f39060cc82a5d3ad738ca362406494fd1c7fdb7bc352c67a3f9f77cdc13a4f74a5464f1f226f9f08ecf75f9358955e28c2199bd676d8b99ad1b9b760b63435ce
- SSDEEP
  
  12288:5SUkOyTh0sQQ3XFkdhhgxw56hHb4ApqblAOnGh:5lrRLQnOJgsKMAAxG
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.