agenttesla | 193fe7f7fc4dec6fb1c6cbd7071f1feb6021dd3c570e219927faefdf499fb096 | Triage

Submit
Reports

Overview

overview

Static

static

3

d6ae4df904...18.exe

windows7-x64

d6ae4df904...18.exe

windows10-2004-x64

Sharing

General

Target

d6ae4df904afd895805671c5fe27cecb_JaffaCakes118
Size

469KB
Sample

240909-ts4fmazdnc
MD5

d6ae4df904afd895805671c5fe27cecb
SHA1

efcd9150f4e8e634105432b5710986850467d843
SHA256

193fe7f7fc4dec6fb1c6cbd7071f1feb6021dd3c570e219927faefdf499fb096
SHA512

2d0618606437747c2d01e14eed5ce71f0d5b0ed580f12edb0c3ff9d5a9c892b3dc768be027ffe3c55fc7b3541073835e352b5db78eb4bc390cd22e008d01d652
SSDEEP

12288:DWMf9/jtBkKp2iya2En4hDDqJ0npuIOb5Rk4b:DTf9/pqKp2zab4hDm0ROtRkc

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d6ae4df904afd895805671c5fe27cecb_JaffaCakes118.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d6ae4df904afd895805671c5fe27cecb_JaffaCakes118.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.thanhphet.asia
Port:
587
Username:
[email protected]
Password:
Daddyhandsome@1234
Email To:
[email protected]

Targets

- Target
  
  d6ae4df904afd895805671c5fe27cecb_JaffaCakes118
- Size
  
  469KB
- MD5
  
  d6ae4df904afd895805671c5fe27cecb
- SHA1
  
  efcd9150f4e8e634105432b5710986850467d843
- SHA256
  
  193fe7f7fc4dec6fb1c6cbd7071f1feb6021dd3c570e219927faefdf499fb096
- SHA512
  
  2d0618606437747c2d01e14eed5ce71f0d5b0ed580f12edb0c3ff9d5a9c892b3dc768be027ffe3c55fc7b3541073835e352b5db78eb4bc390cd22e008d01d652
- SSDEEP
  
  12288:DWMf9/jtBkKp2iya2En4hDDqJ0npuIOb5Rk4b:DTf9/pqKp2zab4hDm0ROtRkc
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy