agenttesla | 871cb8ec41387d172ee2f7c67c771b12a2d764617afe9a2820f9766623d67113 | Triage

Submit
Reports

Overview

overview

Static

static

3

0xBenz Spoofer.exe

windows7-x64

0xBenz Spoofer.exe

windows10-2004-x64

Sharing

General

Target

0xBenz Spoofer.rar
Size

11.4MB
Sample

240831-x8ad9s1emk
MD5

26ba78d49e8b42ab49fcfb6c41dfa49e
SHA1

4f3206acfad5be8a0c72b124e4f22fc5b3f5e8fb
SHA256

871cb8ec41387d172ee2f7c67c771b12a2d764617afe9a2820f9766623d67113
SHA512

7510fb9fe20821908e791fc4c6218da870c1ec380aebbb239b697c9b0b351ee8c8cfec1cb00386dda9997a38eabff4799238a46b04f8cbb98d90009ddffa6aaa
SSDEEP

196608:/QyMJ+Dcbu9U/4FktMABQSGpApD+20HnCGx70YJKxzU6g4Kz42w5krBfkV7uC5b:/QyMJAcbuuaktfBQScV2wrx70YJmzU6z

Score

10^/10

agenttesla discovery keylogger macro persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0xBenz Spoofer.exe

Resource

win7-20240729-en

agenttesla discovery keylogger macro persistence spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

0xBenz Spoofer.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger macro persistence spyware stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  0xBenz Spoofer.exe
- Size
  
  12.2MB
- MD5
  
  0a90d26fed44e0adc47a981f1bbb4be9
- SHA1
  
  51d5d7e5286cf8ebbd0bf995902e9c07cf5b9bdc
- SHA256
  
  57595f8217e40c3b92cabb2acba08e241f80e432551f5a5f09cb965b9d1361e2
- SHA512
  
  26cdcf12fdcfc23175b9fad8af4ea5334cf44fcb101401ed911a148d9920743cf443aadd8550bd1c21e049fa8b633f7b631444bef69c6928a00d9864fb057a37
- SSDEEP
  
  393216:7bhpZbRK0u3ezsWHYM2G1WKWLRTqAPLKEem2:fh7w0u3eA020+Rl+
Score

10^/10

agenttesla discovery keylogger macro persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious Office macro
  Office document equipped with macros.
  macro
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggermacropersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggermacropersistencespywarestealertrojan

© 2018-2025

Terms | Privacy