agenttesla | 16519d5d018c13766cad3838bb859e303c0213b3776039c1159793eceb2e282c | Triage

Submit
Reports

Overview

overview

Static

static

3

710d878e3a...18.exe

windows7-x64

710d878e3a...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

710d878e3a619723cb42dcd9e4ffbdc0_JaffaCakes118
Size

592KB
Sample

240525-gn9qmagf54
MD5

710d878e3a619723cb42dcd9e4ffbdc0
SHA1

54527dbdb0b16ddb88030af0b41eb43bbfb9b883
SHA256

16519d5d018c13766cad3838bb859e303c0213b3776039c1159793eceb2e282c
SHA512

30550a01d4a716b5b6a5a6fae971a813eb125db99729040358dcaea673e8fcb101cd5899a0d102c7a536ce33ed2c6da617d5fd89f3ddaa15cdd7af1cf696bb8f
SSDEEP

12288:vJ+N2WqjSFcZbvuUJCRXCqVxLcoYqR6jL/Ix4XoFu:vJWZyvv4R9bHY1I2b

Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

710d878e3a619723cb42dcd9e4ffbdc0_JaffaCakes118.exe

Resource

win7-20240508-en

agenttesla collection evasion keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

710d878e3a619723cb42dcd9e4ffbdc0_JaffaCakes118.exe

Resource

win10v2004-20240508-en

agenttesla collection evasion keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bosut.mk
Port:
587
Username:
[email protected]
Password:
0XsKEemhd6EE

Extracted

Credentials

Protocol: smtp
Host:
mail.bosut.mk
Port:
587
Username:
[email protected]
Password:
0XsKEemhd6EE

Targets

- Target
  
  710d878e3a619723cb42dcd9e4ffbdc0_JaffaCakes118
- Size
  
  592KB
- MD5
  
  710d878e3a619723cb42dcd9e4ffbdc0
- SHA1
  
  54527dbdb0b16ddb88030af0b41eb43bbfb9b883
- SHA256
  
  16519d5d018c13766cad3838bb859e303c0213b3776039c1159793eceb2e282c
- SHA512
  
  30550a01d4a716b5b6a5a6fae971a813eb125db99729040358dcaea673e8fcb101cd5899a0d102c7a536ce33ed2c6da617d5fd89f3ddaa15cdd7af1cf696bb8f
- SSDEEP
  
  12288:vJ+N2WqjSFcZbvuUJCRXCqVxLcoYqR6jL/Ix4XoFu:vJWZyvv4R9bHY1I2b
Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- AgentTesla payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionevasionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy