agenttesla | 0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

0b04c0f6f1...0a.rtf

windows7-x64

0b04c0f6f1...0a.rtf

windows10-2004-x64

1

Sharing

General

Target

0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a
Size

85KB
Sample

240511-bjqjasfc45
MD5

0a95eb4fe0f14eeb018e0f9488261092
SHA1

2a36232c5c469995576bf4cd944d4e0651661a65
SHA256

0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a
SHA512

e1d4bda32e7eadc56d2edaf9908a9950b4549bdb67181b94e03a31adf5ce02004d6e15b17a0fef371fe63419c6c14c46c45698197b558473da07aeb49fb976f5
SSDEEP

1536:5EghNQcNcM+8HF2jUZMOdSJcKOT3UMM1Fe8t8fCXRzGJYPnPEAcif1P5RzhRPSU4:5VI8HEjUZMOdSJcVTKGY86c2ntcif1PO

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a.rtf

Resource

win7-20240419-en

agenttesla execution keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a.rtf

Resource

win10v2004-20240426-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.folder.ro
Port:
21
Username:
[email protected]
Password:
R2r76%(3v^H0

Targets

- Target
  
  0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a
- Size
  
  85KB
- MD5
  
  0a95eb4fe0f14eeb018e0f9488261092
- SHA1
  
  2a36232c5c469995576bf4cd944d4e0651661a65
- SHA256
  
  0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a
- SHA512
  
  e1d4bda32e7eadc56d2edaf9908a9950b4549bdb67181b94e03a31adf5ce02004d6e15b17a0fef371fe63419c6c14c46c45698197b558473da07aeb49fb976f5
- SSDEEP
  
  1536:5EghNQcNcM+8HF2jUZMOdSJcKOT3UMM1Fe8t8fCXRzGJYPnPEAcif1P5RzhRPSU4:5VI8HEjUZMOdSJcVTKGY86c2ntcif1PO
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy