agenttesla | a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

a259f2efb8...8c.exe

windows7-x64

a259f2efb8...8c.exe

windows10-2004-x64

Sharing

General

Target

a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c
Size

167KB
Sample

240308-ca7a5adb3y
MD5

023a380d41ff5da1d2e505f3028c2733
SHA1

4db196075040aef5e5bcd8aa2e567e4fbd8a59a0
SHA256

a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c
SHA512

ed474270274370789988e7aea9adfdc9b430882d603f5adee9a5d8efa72fe1c0505dc5c90e60642725c10b640d635b3615f20112913b0d5b6a0ee14db22e1cef
SSDEEP

3072:yxyZgu92s76Mzb9QOosKerONy0w8AJT7GmCMY7pdkW:yxsgu92s7LzVhVrONy0wro

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.normagroup.com.tr
Port:
21
Username:
[email protected]
Password:
$%M4,p)]vd1=

Extracted

Credentials

Protocol: ftp
Host:
ftp.normagroup.com.tr
Port:
21
Username:
[email protected]
Password:
$%M4,p)]vd1=

Targets

- Target
  
  a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c
- Size
  
  167KB
- MD5
  
  023a380d41ff5da1d2e505f3028c2733
- SHA1
  
  4db196075040aef5e5bcd8aa2e567e4fbd8a59a0
- SHA256
  
  a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c
- SHA512
  
  ed474270274370789988e7aea9adfdc9b430882d603f5adee9a5d8efa72fe1c0505dc5c90e60642725c10b640d635b3615f20112913b0d5b6a0ee14db22e1cef
- SSDEEP
  
  3072:yxyZgu92s76Mzb9QOosKerONy0w8AJT7GmCMY7pdkW:yxsgu92s7LzVhVrONy0wro
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy