agenttesla | dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ad30717124...3a.exe

windows7-x64

ad30717124...3a.exe

windows10-2004-x64

Sharing

General

Target

dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c
Size

666KB
Sample

240417-ry24msdg7w
MD5

f2b9d62c09ab2759b02b99e5c029370e
SHA1

20527a71b9ee37753dcce46468d75cc33fb5c704
SHA256

dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c
SHA512

cb6c62b763d21597d25307720f05bf5ec25618246c87cf45953e78409323e0650167c894638e531f3f3111b41ba5de78805d751c4bf154622565fc060b43ef61
SSDEEP

12288:DrnQwGSi8q0gYd+3DDuFcUa5j8Obo67zIdlakurXMgKgw6UnGbeN7BBgIqQGs/MZ:DzGSi8q7mYDupa5j8H6fIdQRX9FUseBe

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5935236817:AAFQXd5DfJIspEP49cvtN8EkM-g0qi2ZyW8/

Targets

- Target
  
  ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe
- Size
  
  747KB
- MD5
  
  ec6e0608754df82d29771061ba8e5bb0
- SHA1
  
  87be8fef2e23ad39099fbfbea85f9778d0b597ad
- SHA256
  
  ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a
- SHA512
  
  4ba4dfee9dc84fdf01ef8b4791597bf49b90e8cd561aaf4340b29bb955967b610e5f230c10e8cce723a278daba65987929ae54fd2468ee000d2ed76d58846a7a
- SSDEEP
  
  12288:JyRAYQ4LsQw/1sX75cPblhP4JoqfRR+bMXQb2wCWbF612k+NFQ1jt8TFpWO7j94+:+AC+/1G5cPJhQeqfT+bMXQb2Qjc1ju/8
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy