agenttesla | 6ed0086221a2f3c43f5ec500d2e8db20897728b7a0cca54f0ebe308ee6a2d856 | Triage

Submit
Reports

Overview

overview

Static

static

3

Pro.invoice-0656.exe

windows7-x64

Pro.invoice-0656.exe

windows10-2004-x64

Sharing

General

Target

cab326157826df4c7dfb988a520d63b2_JaffaCakes118
Size

448KB
Sample

240830-m3rq9asapn
MD5

cab326157826df4c7dfb988a520d63b2
SHA1

d7390d59521a0f7afc6c52106fbd8f2c7fe3474d
SHA256

6ed0086221a2f3c43f5ec500d2e8db20897728b7a0cca54f0ebe308ee6a2d856
SHA512

acda29e13fd382ceae38fe3fa6080d1b9aee76cffafa26ba5fb76d1ac0e00c62b8b127b7d4d188d5e7c11430645c5c786ab3b650133aad9e5dd872a7eb0f26c4
SSDEEP

12288:kFtl1XZn2SYy2qJ0ms2f4PZ70u90yXIJEFMg0Qy:kF9X5Yy50YQx70u6iFMgA

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Pro.invoice-0656.exe

Resource

win7-20240729-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Pro.invoice-0656.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
VuVW%xY7ceo

Targets

- Target
  
  Pro.invoice-0656.exe
- Size
  
  665KB
- MD5
  
  8af807e3bb7ebb62b9cb17d237b6775a
- SHA1
  
  b59155ec49a8d6919d554cc86940d8be3dcc55c4
- SHA256
  
  5c17ad97be2e3d64846a0150594f54a6fc033e68b511a0a2e7fa0469306745ec
- SHA512
  
  b1bed0014a0e6730a3f56aee9754fcbf6cdca5190e815b9283489ff6302ccda03f337e474e660dfa5dbd417190be4405f64389042a53e8a77c1768954cc8e5d2
- SSDEEP
  
  12288:t2gzLNqGFtvuUkAThUBES9NFC+XGTiFlz9T1yV4A0pOTI:t9xvAATCBEUrCzTi/zqV4A
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy