agenttesla | 01f872c387017a3d557af1267c771afcc5db55420c53c1367b8d88f137a8e5d7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

d5c24009c0...18.exe

windows7-x64

d5c24009c0...18.exe

windows10-2004-x64

Sharing

General

Target

d5c24009c08ca3a3947c816adfa67ec9_JaffaCakes118
Size

613KB
Sample

240909-gse2tavclp
MD5

d5c24009c08ca3a3947c816adfa67ec9
SHA1

5d4a36adaf7dcd92547bd32b90d1ecd2da7ffaaf
SHA256

01f872c387017a3d557af1267c771afcc5db55420c53c1367b8d88f137a8e5d7
SHA512

5946326d44d2000670a9bc9af35f8a1a606444a24f6b78928b1553f9e0875482ba59e8d0afccc785c6909d1b0028c86b814361b802b407ebe4664bff07b326c0
SSDEEP

12288:OH9Lv2zv1gklQ/b6Ig4eNgurxylZVYTDH1Qk9dZP:OHw2k6g4YNylXuH1z9dZP

Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d5c24009c08ca3a3947c816adfa67ec9_JaffaCakes118.exe

Resource

win7-20240729-en

agenttesla collection credential_access discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d5c24009c08ca3a3947c816adfa67ec9_JaffaCakes118.exe

Resource

win10v2004-20240802-en

agenttesla collection credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
js}$_IlwF1q4

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
js}$_IlwF1q4

Targets

- Target
  
  d5c24009c08ca3a3947c816adfa67ec9_JaffaCakes118
- Size
  
  613KB
- MD5
  
  d5c24009c08ca3a3947c816adfa67ec9
- SHA1
  
  5d4a36adaf7dcd92547bd32b90d1ecd2da7ffaaf
- SHA256
  
  01f872c387017a3d557af1267c771afcc5db55420c53c1367b8d88f137a8e5d7
- SHA512
  
  5946326d44d2000670a9bc9af35f8a1a606444a24f6b78928b1553f9e0875482ba59e8d0afccc785c6909d1b0028c86b814361b802b407ebe4664bff07b326c0
- SSDEEP
  
  12288:OH9Lv2zv1gklQ/b6Ig4eNgurxylZVYTDH1Qk9dZP:OHw2k6g4YNylXuH1z9dZP
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy