agenttesla | 626e3b000c3ebb9f8f32e54b5fbb9e6f4abaf10af158aa0d71169042f1ce2614 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

New PO.exe

windows7-x64

New PO.exe

windows10-2004-x64

Sharing

General

Target

6794aa711495bc08e7c61c7ff4f6a54e_JaffaCakes118
Size

681KB
Sample

240723-pkpv2szakq
MD5

6794aa711495bc08e7c61c7ff4f6a54e
SHA1

412785b1980e83986ed4a83f3e4522f2192f0edc
SHA256

626e3b000c3ebb9f8f32e54b5fbb9e6f4abaf10af158aa0d71169042f1ce2614
SHA512

3acd892f22d8e7c33f58f71e2a8cee1a5d927ee34590c2ed54a72c957e6dd65c09f248807381c362bd08667f08c9b4b58c5649ef72024e0738b850fba5dd5159
SSDEEP

12288:8fWG5wGRplFwoOFK8x4VtnUZIYou/JPi2yq2yKlRweDY4Q0TR3AiMRclSxBE/B:3+FwoOFSVKZITuRPoqT8R/XT5Aik8Z/B

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New PO.exe

Resource

win7-20240705-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

New PO.exe

Resource

win10v2004-20240709-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.softg.com.ng/
Port:
21
Username:
[email protected]
Password:
logs184035721

Targets

- Target
  
  New PO.exe
- Size
  
  902KB
- MD5
  
  c620cb4980a6984166e7f8a02d620a93
- SHA1
  
  b007fa2db34b8d6442058bbbc2ce323947fa412f
- SHA256
  
  fca02c1e43831d819e18a62b8437ce43942eca3110c68a09be88a600fba74fce
- SHA512
  
  17e8961579596ccf30acd2df40521c0c9fee3cc5bcd3e4815133b1ca9c09f1904713a8312cada6142a5e97db142fd6244d5ded1d6d9f2c61eec449e7162aeabc
- SSDEEP
  
  24576:ZL2RGgFQVCfI1alPmqT8J/7tN4l/G2dn26:ZL5g0Cfe3fJZMVnN
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy