agenttesla | ac6c454cc4b65dfc6ad603f8dec0542bd0cdb03d9ab6e47759c21ab3c2588253 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ThriveEdit...ed.exe

windows7-x64

ThriveEdit...ed.exe

windows10-2004-x64

Sharing

General

Target

ThriveEditV2unpacked.exe
Size

5.9MB
Sample

240507-rj3rmaag2z
MD5

12f6acf0fdb2afe0dbc788ff98d4bf93
SHA1

ace41cd34e15f41b53687bba0e475f5feab9da66
SHA256

ac6c454cc4b65dfc6ad603f8dec0542bd0cdb03d9ab6e47759c21ab3c2588253
SHA512

8e6df87361d5b8d9cc15d7e2725c04db63aca16713557b8d7658c671f5ff2fafb6f39fcab97b9d18ea52cf78e9d5451bc125875d001ea17dfca6359b387c58a7
SSDEEP

98304:A52s231bwGAeRrqqg46O02B8kjuz6anB0JmgNhVRwS+KH4kpc+DX/0HN:S2s231AMrqqgrQBxanGcgRRwVKYOD

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ThriveEditV2unpacked.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ThriveEditV2unpacked.exe

Resource

win10v2004-20240419-en

agenttesla discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  ThriveEditV2unpacked.exe
- Size
  
  5.9MB
- MD5
  
  12f6acf0fdb2afe0dbc788ff98d4bf93
- SHA1
  
  ace41cd34e15f41b53687bba0e475f5feab9da66
- SHA256
  
  ac6c454cc4b65dfc6ad603f8dec0542bd0cdb03d9ab6e47759c21ab3c2588253
- SHA512
  
  8e6df87361d5b8d9cc15d7e2725c04db63aca16713557b8d7658c671f5ff2fafb6f39fcab97b9d18ea52cf78e9d5451bc125875d001ea17dfca6359b387c58a7
- SSDEEP
  
  98304:A52s231bwGAeRrqqg46O02B8kjuz6anB0JmgNhVRwS+KH4kpc+DX/0HN:S2s231AMrqqgrQBxanGcgRRwVKYOD
Score

10^/10

agenttesla keylogger spyware stealer trojan discovery persistence
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy