agenttesla | 73d41e6765a44bba2ad12ea9bfa052ffd5366e73c9355675439c2aa240a33efb | Triage

Submit
Reports

Overview

overview

Static

static

1

73d41e6765...fb.vbs

windows7-x64

73d41e6765...fb.vbs

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

73d41e6765a44bba2ad12ea9bfa052ffd5366e73c9355675439c2aa240a33efb.vbs
Size

166KB
Sample

240319-czbwhsfg8v
MD5

f62a2d1490e32ee4ad577ebdd45cd1c4
SHA1

9df72109bfd7e46363d43ecd57532d4b938d2afa
SHA256

73d41e6765a44bba2ad12ea9bfa052ffd5366e73c9355675439c2aa240a33efb
SHA512

3ede7e4ea379c38e84c6dfe30ee2a82cc08f54ee92386ffa69092907c792155bd88521689384a4dd940869cfa22c8dea5e3cf3c103fa48e5407d762b5451812d
SSDEEP

3072:sA4yENVBkYr4LhpVXpKnupn8kH3DPbkhZi3eNRtt2OY37bZtwbS0L3gFgCiah4eP:sA4yENVOY0NpVXpK68kH3DPbkhZi3eN+

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

73d41e6765a44bba2ad12ea9bfa052ffd5366e73c9355675439c2aa240a33efb.vbs

Resource

win7-20240220-en

agenttesla keylogger spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

73d41e6765a44bba2ad12ea9bfa052ffd5366e73c9355675439c2aa240a33efb.vbs

Resource

win10v2004-20240226-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.tecniseal.es
Port:
587
Username:
[email protected]
Password:
12348*tecniseal
Email To:
[email protected]

Targets

- Target
  
  73d41e6765a44bba2ad12ea9bfa052ffd5366e73c9355675439c2aa240a33efb.vbs
- Size
  
  166KB
- MD5
  
  f62a2d1490e32ee4ad577ebdd45cd1c4
- SHA1
  
  9df72109bfd7e46363d43ecd57532d4b938d2afa
- SHA256
  
  73d41e6765a44bba2ad12ea9bfa052ffd5366e73c9355675439c2aa240a33efb
- SHA512
  
  3ede7e4ea379c38e84c6dfe30ee2a82cc08f54ee92386ffa69092907c792155bd88521689384a4dd940869cfa22c8dea5e3cf3c103fa48e5407d762b5451812d
- SSDEEP
  
  3072:sA4yENVBkYr4LhpVXpKnupn8kH3DPbkhZi3eNRtt2OY37bZtwbS0L3gFgCiah4eP:sA4yENVOY0NpVXpK68kH3DPbkhZi3eN+
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy