agenttesla | 65cf63b950f32653a891754d6b52686a4de351a3aeb1324907d3b7c4cc7282f7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

NEW ORDER.exe

windows7-x64

NEW ORDER.exe

windows10-2004-x64

Sharing

General

Target

2cd5dbd4dc815734edf7be4cb6b68ae0_JaffaCakes118
Size

497KB
Sample

240708-sss48avgkp
MD5

2cd5dbd4dc815734edf7be4cb6b68ae0
SHA1

f26bb84555eb01073294e0c9b9a9659e377ca695
SHA256

65cf63b950f32653a891754d6b52686a4de351a3aeb1324907d3b7c4cc7282f7
SHA512

bb26b6f181aa686692f0e34b28fab46e62dba20d00d28dc9395497498d0a826dc4ea1e70103b4aa86702085c3f2a6fceeee6943f87aca73e990c756a7e9be544
SSDEEP

12288:f3QT+2UNiASP5Q+M635lH4cVEuhc1Jupj6Y+MuzqLWUrqNQS2B1S:LNiASxQMjH4cVVNpj6Y+7zXRr2B1S

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEW ORDER.exe

Resource

win7-20240708-en

agenttesla evasion keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEW ORDER.exe

Resource

win10v2004-20240704-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.fakly-cambodia.com
Port:
587
Username:
[email protected]
Password:
Mmhh#2014

Targets

- Target
  
  NEW ORDER.exe
- Size
  
  740KB
- MD5
  
  161eb73b1e04a20bad1b9f47716abe8d
- SHA1
  
  0fc916438fb79d83b1232a9c6913a599ffa5c641
- SHA256
  
  5ae71498e3b1d2707c84bcd6f43566b8834f310dccafd64ef81e54cbe7ac4b01
- SHA512
  
  1b27317105bf51911ad5e355bea51278dbf49d72365171eba914bfd612a40839490d073be4bd9974a9d51330c869b8aa18b88c860e19869249a533df18498d50
- SSDEEP
  
  12288:ADX3jNNQniCpB5A+W6nRHDWcVYuhi1xaDjuY+wuzaLWUrm9Osd:ADnjNNwrAU5DWcVZPDjuY+fznjH
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerspywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy