agenttesla | 1cbb3fb595a28aa7551d0c4e5c50dc0a3f8efbb918534f4d1d6cabceee7bb80a | Triage

Submit
Reports

Overview

overview

Static

static

3

0b464d037c...18.exe

windows7-x64

0b464d037c...18.exe

windows10-2004-x64

Sharing

General

Target

0b464d037c923a4a3c8735d610fb86b9_JaffaCakes118
Size

696KB
Sample

240624-3jce8axhph
MD5

0b464d037c923a4a3c8735d610fb86b9
SHA1

b4d28f06c20daeec9907c69bd068f75219c6fbbe
SHA256

1cbb3fb595a28aa7551d0c4e5c50dc0a3f8efbb918534f4d1d6cabceee7bb80a
SHA512

4d391a7aa16cce8e7d4ce73e4584034b29f41dfc8394f960b36bc10cfcab7c5e1d0d10655bbc3d50c37f6ef658f1aa81cb5f31fb1352a642cbc2b8f9bf88ac6e
SSDEEP

12288:Oy3N+70pKXQlNhGTLkM8jaQ9kWflw480+sDpjhh+0dn1LFzJ:h0TLk7aDah8M5h8q1LFz

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0b464d037c923a4a3c8735d610fb86b9_JaffaCakes118.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b464d037c923a4a3c8735d610fb86b9_JaffaCakes118.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.vietthinhfumiture.com
Port:
587
Username:
[email protected]
Password:
FD(jEPr0

Targets

- Target
  
  0b464d037c923a4a3c8735d610fb86b9_JaffaCakes118
- Size
  
  696KB
- MD5
  
  0b464d037c923a4a3c8735d610fb86b9
- SHA1
  
  b4d28f06c20daeec9907c69bd068f75219c6fbbe
- SHA256
  
  1cbb3fb595a28aa7551d0c4e5c50dc0a3f8efbb918534f4d1d6cabceee7bb80a
- SHA512
  
  4d391a7aa16cce8e7d4ce73e4584034b29f41dfc8394f960b36bc10cfcab7c5e1d0d10655bbc3d50c37f6ef658f1aa81cb5f31fb1352a642cbc2b8f9bf88ac6e
- SSDEEP
  
  12288:Oy3N+70pKXQlNhGTLkM8jaQ9kWflw480+sDpjhh+0dn1LFzJ:h0TLk7aDah8M5h8q1LFz
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy