agenttesla | 6ac999a2ef584acc00e14f5e3359b15a9f1edffd22501de55cc1403de3603d18 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

d54fdb5d73...c7.exe

windows7-x64

d54fdb5d73...c7.exe

windows10-2004-x64

Sharing

General

Target

6ac999a2ef584acc00e14f5e3359b15a9f1edffd22501de55cc1403de3603d18
Size

643KB
Sample

240511-kkn7ashe3t
MD5

484e3d0aa5a64897a0d316a7b38239eb
SHA1

71965a4bb45c5214e8c2681828ad12c8851051fe
SHA256

6ac999a2ef584acc00e14f5e3359b15a9f1edffd22501de55cc1403de3603d18
SHA512

55bd3b5b12d5b7ca70529b239ceee105d53a2a0e40501cd01cf4093a101598928d3a45f3440f558996dbff531581c17b24fefc7e2e71fd7f59767c82dae2487e
SSDEEP

12288:Km2BR19GHdqGv6w+v16//3jo+L66bPXN9AIWRPHfWFVyVUeyP4BVwz+CY:KmU1uqGiBvw/3jO6bojF/+IVUeyP6GnY

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d54fdb5d73a15239d0d6f187dbf737cb1f5efa584c92b37d1ad64b8e076045c7.exe

Resource

win7-20240419-en

agenttesla keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d54fdb5d73a15239d0d6f187dbf737cb1f5efa584c92b37d1ad64b8e076045c7.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6698844298:AAF9oR0Jf7k4zXD2nMFwUYBsEQgGIs_Be9c/

Targets

- Target
  
  d54fdb5d73a15239d0d6f187dbf737cb1f5efa584c92b37d1ad64b8e076045c7.exe
- Size
  
  1.1MB
- MD5
  
  9270383983cd04e811a7caa8a4ee5f5b
- SHA1
  
  97412ef26cbd4745b15d6e41dba416103fc98924
- SHA256
  
  d54fdb5d73a15239d0d6f187dbf737cb1f5efa584c92b37d1ad64b8e076045c7
- SHA512
  
  e806337642a270962193c535ca8f463bab2bb711576dde877039798ee20952d96df0c6d42c6d51e71ace83375c17e3fcd5eb83587651ec9cbf4b5b48278a39a1
- SSDEEP
  
  24576:OqDEvCTbMWu7rQYlBQcBiT6rprG8asC6NRh:OTvC/MTQYxsWR7asJP
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.