agenttesla | e8712b318883391c80122dd5e91f633c69a436b2b44ba984401573abecf0a8f0 | Triage

Submit
Reports

Overview

overview

Static

static

3

Purchase O...29.exe

windows7-x64

Purchase O...29.exe

windows10-2004-x64

Sharing

General

Target

ce01eac4d9999170d8d4d794d7a4a7fa_JaffaCakes118
Size

470KB
Sample

240905-1k776s1ckd
MD5

ce01eac4d9999170d8d4d794d7a4a7fa
SHA1

fa9256ee6e55401ff0277a525d73870b98f509f0
SHA256

e8712b318883391c80122dd5e91f633c69a436b2b44ba984401573abecf0a8f0
SHA512

5e0c30aafa1321361d0418986a5c3b84c972c6aecd83bcdbbc672362ed463cd66a7e8cf2e0be6d678f71fabcf29fb553252ae29065afad494797796f5f61f4f7
SSDEEP

6144:50R723+2k3AI2h/etQdkWOvazDq8ABMH+OpC0F/1Bs6p0qk7oM25F5u7z/haRyG3:yR7UwGesROvay8U7051+jDD275aG9e7e

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Purchase Order Q210170 RE 91029.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Purchase Order Q210170 RE 91029.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.renlk.me
Port:
587
Username:
[email protected]
Password:
j*E@Hj}RaXJb

Targets

- Target
  
  Purchase Order Q210170 RE 91029.exe
- Size
  
  671KB
- MD5
  
  baaf79960eeaa766ce5f5bb1a0fb4dd3
- SHA1
  
  b712cad12b77ab871ffae99eaabc770a4af25481
- SHA256
  
  074ec93e3d7e053ffa12c3dc3e6f391af940190e2d61080e859b7ff10d14e115
- SHA512
  
  c434f79fe985bb51afcf68a54acac7b4791582e4f22073f74c392289817d65b8b67e1bb278f08a76e37c3dc890fcbb709b72f49f059c3922f95f0f0679a07c14
- SSDEEP
  
  12288:T1+NK/g2PRWeFEecTwvaY8a30z/+jHDs750mi5:TMeFEbTwv73jE750
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy