agenttesla | c87864145285595c304c28ac7eacb465633ae7b5a0b3672a5fc225e0f9419146 | Triage

Submit
Reports

Overview

overview

Static

static

3

ORDER #990...DF.exe

windows7-x64

ORDER #990...DF.exe

windows10-2004-x64

Sharing

General

Target

ec19cb60ccd0cd8a681858bc2c6becd7_JaffaCakes118
Size

535KB
Sample

240919-ytvx4axgkc
MD5

ec19cb60ccd0cd8a681858bc2c6becd7
SHA1

ea51a16d2d93e0f7eb560986ffc6045956956ee5
SHA256

c87864145285595c304c28ac7eacb465633ae7b5a0b3672a5fc225e0f9419146
SHA512

debbf10e6d1c13e029d9ea74051d760159fa9711e92f0326c638cc9f327f2d5f7640e43e86531682c02dc53a040b1f26a11bb08e305066dd2efca7ad4aa3c931
SSDEEP

12288:05lYdqlHBUiifrKKm2Qy+RxJnKcZjxE19EDa4UGg7e/I1+tP9WApQQAp:05lYAHBHK7+rVHUPEDadGgigYP9dyP

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ORDER #99079190.PDF.exe

Resource

win7-20240704-en

agenttesla discovery keylogger persistence spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDER #99079190.PDF.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.flagmonkey.com.au
Port:
587
Username:
[email protected]
Password:
Enter@222F

Targets

- Target
  
  ORDER #99079190.PDF.exe
- Size
  
  667KB
- MD5
  
  44f6165cfa4b24b2c59f413b83695c6e
- SHA1
  
  21144f2cc50349e444b7e69c3887e9ef2a380ff5
- SHA256
  
  63aa4b94125d5fd5621d354452e7f547b5937d099f3b92e1fc111f06136611fe
- SHA512
  
  ab94ca75f122a5d64fb1a072a3dc6ce2c1db3a8929dc1be8f57d70387ad5e8a039376d353675d9d36c74630e363ba36b013e7fb4f9c8f7615dad750ed705ae6d
- SSDEEP
  
  12288:hgC64TgixrK6mg+yyRDTnKcxjhM1TETqwuGgre/GJfbWI6VTMsMwl:Ef6NyhzHYJETqZGgSOJbEtTX
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy