agenttesla | 8fc5983522a6e3300574f6890d02a51c7da7143dcff9d00adfabefb9edc20fb8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

d8286c3d02...ae.exe

windows7-x64

d8286c3d02...ae.exe

windows10-2004-x64

Sharing

General

Target

8fc5983522a6e3300574f6890d02a51c7da7143dcff9d00adfabefb9edc20fb8
Size

750KB
Sample

240417-rxd1esdf7x
MD5

f00efa618af9535800131867973acae0
SHA1

5f761d93ccd868ee2eb5cd3a0d4d547266c0f2a8
SHA256

8fc5983522a6e3300574f6890d02a51c7da7143dcff9d00adfabefb9edc20fb8
SHA512

41fe04f3b9cfa25ef00d64dc6db2322449445902860cb0ea0470a744ce8686b57ae2e0d227b9b6890f0e486434f44f7b7ff59ce23112211518a39c6cf9bfc5e1
SSDEEP

12288:istNCWdH0Pld6EMJc/TeiNsn+T9zeZYLdCh2sQFDQ5akT6yDtCLjGL5UHW2iRDfs:ptUWmzgcNNW8AOLdCh2saQ5akT7GCiHT

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae.exe

Resource

win10v2004-20240412-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.epressong.com
Port:
587
Username:
[email protected]
Password:
hkZsJ$e2
Email To:
[email protected]

Targets

- Target
  
  d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae.exe
- Size
  
  781KB
- MD5
  
  5b43ef2d931de1993c4248bf399c1fd8
- SHA1
  
  ed608317e496b4518c80bd4cd57c8172df8cd484
- SHA256
  
  d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae
- SHA512
  
  a4d31809ed1f3abc4df4f840bf6bb884470badbd00b37666536bf68c33e9cf24a712dda9e0530625256b488f69fcc381338f705d4306cbf6a5ddadc145ecd2af
- SSDEEP
  
  24576:yV68yq0N46w9Bk+pO4rhiRsUVI6AMH9cx:yVsqCiDpHQR10MH
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy