agenttesla | a9728615030bd131152dc0898470f5ddfd792ae459f56974be09f103c616e6fd | Triage

Submit
Reports

Overview

overview

Static

static

5

Electro-08282024.exe

windows7-x64

Electro-08282024.exe

windows10-2004-x64

Sharing

General

Target

30082024_0200_28082024_Electro-08282024.7z
Size

697KB
Sample

240830-cfe4tssajc
MD5

93944b06a379e54c588ce5f17f928f7a
SHA1

08287a75150bed81469e3f8176cae5cfd61ad0a6
SHA256

a9728615030bd131152dc0898470f5ddfd792ae459f56974be09f103c616e6fd
SHA512

fa3a27705a89099f401621ed07437185d9eeee37d5dc72303b59596dfdc5c2fc2c01c17f4c074ad7592601cd3dd5846c7299afb0874c3b6df85d36fda1ab0cda
SSDEEP

12288:Q13iGyRfVXK3iTE+LOqnIGOTcuJYcTP8YSDObGjs9q7Vh0qIqsTbpqdyTP0OHta8:Q1qjK3MJlvOTjJHTLGssX0qLwsaczkzT

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Electro-08282024.exe

Resource

win7-20240704-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Electro-08282024.exe

Resource

win10v2004-20240802-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Electro-08282024.exe
- Size
  
  1.2MB
- MD5
  
  9d3827e8622b4221588f60a3273cb725
- SHA1
  
  1f1521c7c0d0f999d1afa921036082729fdb9261
- SHA256
  
  cec92fba69ba56563b3e84ed87291bfb50a85a6e44b6a9b5cd698c00c380e0f0
- SHA512
  
  661900d0386cee1af5806a6ad274f2f7dfe3d4624bf065814a509b84d1ed905c86449a64b879d3283dedb9b88d4189423e30f967e9f268c6e8094b35eb0cca51
- SSDEEP
  
  24576:8qDEvCTbMWu7rQYlBQcBiT6rprG8aF7wVq+wnazZkzFdd:8TvC/MTQYxsWR7aFAVlkzj
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy