agenttesla | ea5f61ba2282bf0b98c22c548bd57a5f8115e93611d085953cd4e04f6a825615 | Triage

Submit
Reports

Overview

overview

Static

static

3

cf42aa19bd...18.exe

windows7-x64

cf42aa19bd...18.exe

windows10-2004-x64

Sharing

General

Target

cf42aa19bd88626813cb2aa7c8b68b37_JaffaCakes118
Size

410KB
Sample

240906-lr1dkszdlc
MD5

cf42aa19bd88626813cb2aa7c8b68b37
SHA1

df529898b3da01a15392c008878288a2fa4a7576
SHA256

ea5f61ba2282bf0b98c22c548bd57a5f8115e93611d085953cd4e04f6a825615
SHA512

3d088b33d982cb3daf9e343d644ee1124cd8e38d910fb52a82e6fa4e341ee3f0159b9c6b897ad7803d6e2c8f93df49e622cc988ae8113f0ea2a4a1d24486c9dc
SSDEEP

12288:mCmESo6fj+uePPTONJuG35GrtWsuYM6GV4XppA9+:m9ESTfjnezOGIGrUsuYMD2ZpT

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cf42aa19bd88626813cb2aa7c8b68b37_JaffaCakes118.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf42aa19bd88626813cb2aa7c8b68b37_JaffaCakes118.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1975237880:AAHKgRnseXCSSPJw6MgfujMF0PvBjyMOsXc/sendDocument

Targets

- Target
  
  cf42aa19bd88626813cb2aa7c8b68b37_JaffaCakes118
- Size
  
  410KB
- MD5
  
  cf42aa19bd88626813cb2aa7c8b68b37
- SHA1
  
  df529898b3da01a15392c008878288a2fa4a7576
- SHA256
  
  ea5f61ba2282bf0b98c22c548bd57a5f8115e93611d085953cd4e04f6a825615
- SHA512
  
  3d088b33d982cb3daf9e343d644ee1124cd8e38d910fb52a82e6fa4e341ee3f0159b9c6b897ad7803d6e2c8f93df49e622cc988ae8113f0ea2a4a1d24486c9dc
- SSDEEP
  
  12288:mCmESo6fj+uePPTONJuG35GrtWsuYM6GV4XppA9+:m9ESTfjnezOGIGrUsuYMD2ZpT
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy