agenttesla | d9ddeb59d000d9b84549d00c2cf119878d16111a1a77e34c3405a22118cb3101 | Triage

Submit
Reports

Overview

overview

Static

static

1

d9ddeb59d0...01.exe

windows7-x64

3

d9ddeb59d0...01.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d9ddeb59d000d9b84549d00c2cf119878d16111a1a77e34c3405a22118cb3101.exe
Size

131KB
Sample

240213-gcgwgafh7s
MD5

5384b6fe276b939ad1796fb339657ae1
SHA1

642e06baada1f7a6b9dd03f1cc19329b3c768bed
SHA256

d9ddeb59d000d9b84549d00c2cf119878d16111a1a77e34c3405a22118cb3101
SHA512

1680be53185e7016f97e5591293671162938bb2a8e469582e29f89ee20186ad338268a7e40f080276536d8b3d52c64b6043d068f294242d369a44a6e08b94e19
SSDEEP

3072:H55dqWrrsum+psCFbSC7GmCMY7pdk5+rTIXAJ:HsQo0sCFOvXTqAJ

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

d9ddeb59d000d9b84549d00c2cf119878d16111a1a77e34c3405a22118cb3101.exe

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

d9ddeb59d000d9b84549d00c2cf119878d16111a1a77e34c3405a22118cb3101.exe

Resource

win10v2004-20231215-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.normagroup.com.tr
Port:
21
Username:
[email protected]
Password:
Kingdom12345@

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.normagroup.com.tr
Port:
21
Username:
[email protected]
Password:
Kingdom12345@

Targets

- Target
  
  d9ddeb59d000d9b84549d00c2cf119878d16111a1a77e34c3405a22118cb3101.exe
- Size
  
  131KB
- MD5
  
  5384b6fe276b939ad1796fb339657ae1
- SHA1
  
  642e06baada1f7a6b9dd03f1cc19329b3c768bed
- SHA256
  
  d9ddeb59d000d9b84549d00c2cf119878d16111a1a77e34c3405a22118cb3101
- SHA512
  
  1680be53185e7016f97e5591293671162938bb2a8e469582e29f89ee20186ad338268a7e40f080276536d8b3d52c64b6043d068f294242d369a44a6e08b94e19
- SSDEEP
  
  3072:H55dqWrrsum+psCFbSC7GmCMY7pdk5+rTIXAJ:HsQo0sCFOvXTqAJ
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy