agenttesla | 3a23505e90df25fe34b92eebb73fa08d4571d3f12b12807711325d16a3ec2db9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

3a23505e90...9.xlam

windows7-x64

3a23505e90...9.xlam

windows10-2004-x64

1

Sharing

General

Target

3a23505e90df25fe34b92eebb73fa08d4571d3f12b12807711325d16a3ec2db9.xlsx
Size

14KB
Sample

240529-bpskvadc85
MD5

613bc31f40a70c787c70e5fa82ba3da6
SHA1

d689a647a7254e5a9d349a61e951c0629b43a473
SHA256

3a23505e90df25fe34b92eebb73fa08d4571d3f12b12807711325d16a3ec2db9
SHA512

2495e1cc29f8cc5749365574637dc684c48e2fba9013b4b0b226208b793690951e35ceb813723d72343128c853f1705c3964a4a36bc529bbf4ef1e8f50ebab17
SSDEEP

384:q4hFXIZwODvsHq7EVKn9keeGZkauRqKos/FUK:5hNIjJHnue/ka1KosuK

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3a23505e90df25fe34b92eebb73fa08d4571d3f12b12807711325d16a3ec2db9.xlam

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a23505e90df25fe34b92eebb73fa08d4571d3f12b12807711325d16a3ec2db9.xlam

Resource

win10v2004-20240508-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dominostores.top
Port:
587
Username:
[email protected]
Password:
vqpF.#QRT234
Email To:
[email protected]

Targets

- Target
  
  3a23505e90df25fe34b92eebb73fa08d4571d3f12b12807711325d16a3ec2db9.xlsx
- Size
  
  14KB
- MD5
  
  613bc31f40a70c787c70e5fa82ba3da6
- SHA1
  
  d689a647a7254e5a9d349a61e951c0629b43a473
- SHA256
  
  3a23505e90df25fe34b92eebb73fa08d4571d3f12b12807711325d16a3ec2db9
- SHA512
  
  2495e1cc29f8cc5749365574637dc684c48e2fba9013b4b0b226208b793690951e35ceb813723d72343128c853f1705c3964a4a36bc529bbf4ef1e8f50ebab17
- SSDEEP
  
  384:q4hFXIZwODvsHq7EVKn9keeGZkauRqKos/FUK:5hNIjJHnue/ka1KosuK
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy