agenttesla | 8a2ff741ef3d1386ee89e8d84be4f2fc4fb194ac321a687e70bdcc3908edf38b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

23806e1b81...64.exe

windows7-x64

23806e1b81...64.exe

windows10-2004-x64

Sharing

General

Target

3431cb842330770cdcd77c7b18fb3825.bin
Size

662KB
Sample

240224-bv146sdg75
MD5

e42b2edea7c4666757139dd56ccc0f2a
SHA1

e8afe92d77bc326ab63b75a4d1e869b39cf927b5
SHA256

8a2ff741ef3d1386ee89e8d84be4f2fc4fb194ac321a687e70bdcc3908edf38b
SHA512

a812b5a026f8109c913c79393fdcdc0afbd0367cf0e369aa3703fe2bc42e469bbe47a11a7af1354143d8dddc7640b118f9102e9e32c0c246a511312bf7b9fe77
SSDEEP

12288:tpmzmcXgznKPN/ucOja9EE1mUHi3RFxrSWpFGcpqlTyeK1JB6vh5NsS8:tPqgzmNmja95UUYEWpLMlueK1n6v5sv

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64.exe

Resource

win10v2004-20240221-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.itresinc.com
Port:
587
Username:
[email protected]
Password:
MT]ANFjWzKTA
Email To:
[email protected]

Targets

- Target
  
  23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64.exe
- Size
  
  687KB
- MD5
  
  3431cb842330770cdcd77c7b18fb3825
- SHA1
  
  a2092b85970c2e60d0c697718516e8db18298608
- SHA256
  
  23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64
- SHA512
  
  f4dfbf95ffd52b8d413ee92b9132361b2a5ccfce3650229ac2cc67d8c66ce23104e7133ef0424c5e53c88564add291a947659e12851ffa83898507b119e5f730
- SSDEEP
  
  12288:ows/3P5Ujd53Llv+7UNJksS8xrmo3P2JBIBOV8vgmeS71Ovh:cBK5hTxrBv4S71s
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy