agenttesla | b9ad79eaf7a4133f95f24c3b9d976c72f34264dc5c99030f0e57992cb5621f78 | Triage

Submit
Reports

Overview

overview

Static

static

1

AnyDesk.exe

windows10-1703-x64

Sharing

General

Target

AnyDesk.exe
Size

3.0MB
Sample

240503-megalsed47
MD5

eb80f7bddb699784baa9fbf2941eaf4a
SHA1

df6abbfd20e731689f3c7d2a55f45ac83fbbc40b
SHA256

b9ad79eaf7a4133f95f24c3b9d976c72f34264dc5c99030f0e57992cb5621f78
SHA512

3a1162e9fef849cb7143dc1898d4cfcfd87eb80ced0edb321dfa096686b25ae8a9a7f3ae8f37a09724d94f96d64e08940fc23c0b931ddd8a1e70e2792cb3fe47
SSDEEP

98304:6aJXyQTrRGlSMoIuORmKBQielvZlpkiSti:3olMcR9BTY3WS

Score

10^/10

agenttesla privateloader discovery keylogger loader spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

AnyDesk.exe

Resource

win10-20240404-en

agenttesla privateloader discovery keylogger loader spyware stealer trojan

windows10-1703-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  3.0MB
- MD5
  
  eb80f7bddb699784baa9fbf2941eaf4a
- SHA1
  
  df6abbfd20e731689f3c7d2a55f45ac83fbbc40b
- SHA256
  
  b9ad79eaf7a4133f95f24c3b9d976c72f34264dc5c99030f0e57992cb5621f78
- SHA512
  
  3a1162e9fef849cb7143dc1898d4cfcfd87eb80ced0edb321dfa096686b25ae8a9a7f3ae8f37a09724d94f96d64e08940fc23c0b931ddd8a1e70e2792cb3fe47
- SSDEEP
  
  98304:6aJXyQTrRGlSMoIuORmKBQielvZlpkiSti:3olMcR9BTY3WS
Score

10^/10

agenttesla privateloader discovery keylogger loader spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- AgentTesla payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaprivateloaderdiscoverykeyloggerloaderspywarestealertrojan

© 2018-2025

Terms | Privacy