agenttesla | 80caaa2035880fc2b582398310208a9d25b1f07820f23da06e769bedb36030b6 | Triage

Submit
Reports

Overview

overview

Static

static

3

Stix Free ...er.exe

windows7-x64

Stix Free ...er.exe

windows10-2004-x64

Sharing

General

Target

Stix Free Utility Installer.exe
Size

12.3MB
Sample

240905-qc774a1fkk
MD5

b5ecb6d0a487cff57891ec2cc46370fd
SHA1

1229b2fa0c40d88a7e1b6f457695c7af8c3b55e9
SHA256

80caaa2035880fc2b582398310208a9d25b1f07820f23da06e769bedb36030b6
SHA512

cea39367b838c1f35f9d197d979f6cc23919b8c1198b87adb9ec28db46aa14c19a55b688586428a89dee74a801b888819943a41049b9ee5a93d317d3e93758c0
SSDEEP

393216:Cb9+zykLmzEHwOkp7rN0AHsGs8NbTUdEuk6:29+zykLmz2c7rWoTU7k6

Score

10^/10

agenttesla discovery execution keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Stix Free Utility Installer.exe

Resource

win7-20240903-en

agenttesla discovery execution keylogger persistence spyware stealer trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

Stix Free Utility Installer.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Stix Free Utility Installer.exe
- Size
  
  12.3MB
- MD5
  
  b5ecb6d0a487cff57891ec2cc46370fd
- SHA1
  
  1229b2fa0c40d88a7e1b6f457695c7af8c3b55e9
- SHA256
  
  80caaa2035880fc2b582398310208a9d25b1f07820f23da06e769bedb36030b6
- SHA512
  
  cea39367b838c1f35f9d197d979f6cc23919b8c1198b87adb9ec28db46aa14c19a55b688586428a89dee74a801b888819943a41049b9ee5a93d317d3e93758c0
- SSDEEP
  
  393216:Cb9+zykLmzEHwOkp7rN0AHsGs8NbTUdEuk6:29+zykLmz2c7rWoTU7k6
Score

10^/10

agenttesla discovery execution keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Image File Execution Options Injection

Power Settings

Privilege Escalation

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy