agenttesla | a97e781015b2cb80510a541065f8903f2e02d1f9a04482c159653ccac984fae8 | Triage

Submit
Reports

Overview

overview

Static

static

5

8312e58c55...16.exe

windows7-x64

8312e58c55...16.exe

windows10-2004-x64

Sharing

General

Target

ebfa87110b978b2562ba9ed78923cede.bin
Size

723KB
Sample

240904-ce98ksvapa
MD5

56ddf24c752a67bfc94f7749da198a43
SHA1

a6d1af168704f9a0de07c49c274fc37a351b85a9
SHA256

a97e781015b2cb80510a541065f8903f2e02d1f9a04482c159653ccac984fae8
SHA512

2deb046ee4f00285efb4141bbe8f22fbc0a499e1237e392d579933e5bc11cbc334969e05a74210d76c2f3bd153d24726aa9125ef8ec061b7f1f95418cb6022a3
SSDEEP

12288:ySSD59XCKk3X3yZRSaiX9cAPx0lHElCM3jYppEWf7clI/bvl3w3wWKYk:y3HSKIX3q0bcAPx0KlCjppEQZDvOHKYk

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8312e58c554deab7026628043e054b995454490c37e14d2b07907387bad02d16.exe

Resource

win7-20240903-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8312e58c554deab7026628043e054b995454490c37e14d2b07907387bad02d16.exe

Resource

win10v2004-20240802-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  8312e58c554deab7026628043e054b995454490c37e14d2b07907387bad02d16.exe
- Size
  
  1.1MB
- MD5
  
  ebfa87110b978b2562ba9ed78923cede
- SHA1
  
  98e1ec5db59bdfc2d0ab8c63a3a10977b48315d2
- SHA256
  
  8312e58c554deab7026628043e054b995454490c37e14d2b07907387bad02d16
- SHA512
  
  eed2a4020d1c61bc3a85b53e128cd86edf8e1318475f11b67c3794ca7f84766a52a48065bba70d1295b199f31bec56be185db62d68eb7b96321437357c6cdb7a
- SSDEEP
  
  24576:EAHnh+eWsN3skA4RV1Hom2KXMmHad/mFoQ6uDIPHB5:Th+ZkldoPK8Yad/mwXr
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy