agenttesla | 7305976e77145f97b4b5920f08507d7e8f3f065ecdd66fad5633dfeff94a0994 | Triage

Submit
Reports

Overview

overview

Static

static

5

7305976e77...94.exe

windows7-x64

7305976e77...94.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

7305976e77145f97b4b5920f08507d7e8f3f065ecdd66fad5633dfeff94a0994
Size

1.0MB
Sample

240602-bewvhsdd4y
MD5

3a5ef1d60aabceae57bf216bbd325014
SHA1

f2555fd52add08ee71b65c5ac823cb3b3b9d62b9
SHA256

7305976e77145f97b4b5920f08507d7e8f3f065ecdd66fad5633dfeff94a0994
SHA512

7143d8f357aace7ec2f465492292f9c10aa7877a17ecf3b3c79815c1491d52a31d2aabd7a36c166603d6c11c05a610623e8898a09e85c6282bdce4fc99c677c7
SSDEEP

24576:RAHnh+eWsN3skA4RV1Hom2KXMmHaeE4HOxJKkUI5:oh+ZkldoPK8YaeTHO3/

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7305976e77145f97b4b5920f08507d7e8f3f065ecdd66fad5633dfeff94a0994.exe

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7305976e77145f97b4b5920f08507d7e8f3f065ecdd66fad5633dfeff94a0994.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.gizemetiket.com.tr
Port:
21
Username:
pgizemM6
Password:
giz95Ffg

Targets

- Target
  
  7305976e77145f97b4b5920f08507d7e8f3f065ecdd66fad5633dfeff94a0994
- Size
  
  1.0MB
- MD5
  
  3a5ef1d60aabceae57bf216bbd325014
- SHA1
  
  f2555fd52add08ee71b65c5ac823cb3b3b9d62b9
- SHA256
  
  7305976e77145f97b4b5920f08507d7e8f3f065ecdd66fad5633dfeff94a0994
- SHA512
  
  7143d8f357aace7ec2f465492292f9c10aa7877a17ecf3b3c79815c1491d52a31d2aabd7a36c166603d6c11c05a610623e8898a09e85c6282bdce4fc99c677c7
- SSDEEP
  
  24576:RAHnh+eWsN3skA4RV1Hom2KXMmHaeE4HOxJKkUI5:oh+ZkldoPK8YaeTHO3/
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy