agenttesla | 17d1ef802af949ebabcb1b36a3fffdd5854e59e5c4ec65af1f66f952f65e9a32 | Triage

Submit
Reports

Overview

overview

Static

static

5

a025ca2161...c2.exe

windows7-x64

a025ca2161...c2.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

5de229b7fd3c91d03a721ae44214e3aa.bin
Size

644KB
Sample

240612-b75ccsybkb
MD5

70b5365bdf78395379f24f18dcafaa8d
SHA1

5836df807d2a0175137f7e81dea931c58ca0a2ec
SHA256

17d1ef802af949ebabcb1b36a3fffdd5854e59e5c4ec65af1f66f952f65e9a32
SHA512

01c5e25e36045ac015a879760e1758f4bbdb641b842e888ebb4885ad6b57b5999c1cf6ad26cb42634a2f836c542db917e76d3bee5f80f85e4137e92b30e3a921
SSDEEP

12288:QtHGvt/njEVeXZEV/HVFqXz3DlcQgE1+lN/HM2EdTWB1Jwjt9d92S7ENmOSs:QtH0NAAeVvUKHE1+lFHdiWHJQ792H3Ss

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a025ca2161bf1125aa31aa65ba154f261f7dae204f7abfaf5ecf392eab8e9fc2.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a025ca2161bf1125aa31aa65ba154f261f7dae204f7abfaf5ecf392eab8e9fc2.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  a025ca2161bf1125aa31aa65ba154f261f7dae204f7abfaf5ecf392eab8e9fc2.exe
- Size
  
  1.0MB
- MD5
  
  5de229b7fd3c91d03a721ae44214e3aa
- SHA1
  
  92c4645f075bec1f2a2285f1d3d10bb2b6cdf745
- SHA256
  
  a025ca2161bf1125aa31aa65ba154f261f7dae204f7abfaf5ecf392eab8e9fc2
- SHA512
  
  429d56e5d2a8d828e70182febd0af1893d05d789c1a3197c808e043ee1371eed078f06114f256e6b2d9629a42143a9536dc758ca01323ecce2f032cbee2ec6f9
- SSDEEP
  
  24576:TAHnh+eWsN3skA4RV1Hom2KXMmHa3VHMYLlMVj0KKwwWO5:eh+ZkldoPK8Ya39xLWhnc
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy