agenttesla | 4dca7ede5929a4df01372e8f3de061b3bc31c787c308173e714e5e9d49486806 | Triage

Submit
Reports

Overview

overview

Static

static

1

4dca7ede59...06.exe

windows7-x64

4dca7ede59...06.exe

windows10-2004-x64

Sharing

General

Target

4dca7ede5929a4df01372e8f3de061b3bc31c787c308173e714e5e9d49486806
Size

625KB
Sample

240522-bq1mvafg92
MD5

0822908fbfcc022427466310b7b3fed9
SHA1

93f3c5538fc46196ecfa6a3c640764cddccb55f8
SHA256

4dca7ede5929a4df01372e8f3de061b3bc31c787c308173e714e5e9d49486806
SHA512

3f159709f418ee54b48fc4b5eea5b23883db9a8a4ff6c6028f452f1b3d48f977a939719f9a7cb37ced763ed7d76525d307b76e2f364a8b7209d28c5be9e93dfd
SSDEEP

12288:nxXykKbChb02qKJliA8Zfq7ZOEGZzdiXaZxtQayJEUanyLz3qbIbLad1:QkpfOfAw3p8KBBnyfqbbH

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4dca7ede5929a4df01372e8f3de061b3bc31c787c308173e714e5e9d49486806.exe

Resource

win7-20240220-en

agenttesla keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

4dca7ede5929a4df01372e8f3de061b3bc31c787c308173e714e5e9d49486806.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6433049610:AAGUidZzrUI9AQcALQrkJj8CAwaWlAMgQYs/

Targets

- Target
  
  4dca7ede5929a4df01372e8f3de061b3bc31c787c308173e714e5e9d49486806
- Size
  
  625KB
- MD5
  
  0822908fbfcc022427466310b7b3fed9
- SHA1
  
  93f3c5538fc46196ecfa6a3c640764cddccb55f8
- SHA256
  
  4dca7ede5929a4df01372e8f3de061b3bc31c787c308173e714e5e9d49486806
- SHA512
  
  3f159709f418ee54b48fc4b5eea5b23883db9a8a4ff6c6028f452f1b3d48f977a939719f9a7cb37ced763ed7d76525d307b76e2f364a8b7209d28c5be9e93dfd
- SSDEEP
  
  12288:nxXykKbChb02qKJliA8Zfq7ZOEGZzdiXaZxtQayJEUanyLz3qbIbLad1:QkpfOfAw3p8KBBnyfqbbH
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy