agenttesla | dbb61a60d887156db921acb292375cbf9dfc334a5395f29fadc1441f31e31838 | Triage

Submit
Reports

Overview

overview

Static

static

3

ecdfaa43d6...18.exe

windows7-x64

ecdfaa43d6...18.exe

windows10-2004-x64

Sharing

General

Target

ecdfaa43d6e0b5ec1a715fbe9dfa8f08_JaffaCakes118
Size

771KB
Sample

240920-fgpanszell
MD5

ecdfaa43d6e0b5ec1a715fbe9dfa8f08
SHA1

5342527196894b340321d8fcc71a3a6adcf1bce9
SHA256

dbb61a60d887156db921acb292375cbf9dfc334a5395f29fadc1441f31e31838
SHA512

10a3808afb9094b6082b6d2de5fd6ae305b5aa1600cd16c1d38f8fc8cc206e295d01e8321d15829919f71bcf7bc0e4da75dc5585f83d64df1fcf2123f4b836d8
SSDEEP

12288:Gbk3hHcd8IGtmRUl/DcFEQswdpAssgNOOv8/BArLSNI3yBjNVaLn6FH9B2n6uiw0:GSgm807cOQq80BCcHwn69DYc

Score

10^/10

agenttesla discovery evasion keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ecdfaa43d6e0b5ec1a715fbe9dfa8f08_JaffaCakes118.exe

Resource

win7-20240903-en

agenttesla discovery evasion keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

ecdfaa43d6e0b5ec1a715fbe9dfa8f08_JaffaCakes118.exe

Resource

win10v2004-20240802-en

agenttesla discovery evasion keylogger spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.tatratrading.com
Port:
587
Username:
[email protected]
Password:
FTAm_6650-

Targets

- Target
  
  ecdfaa43d6e0b5ec1a715fbe9dfa8f08_JaffaCakes118
- Size
  
  771KB
- MD5
  
  ecdfaa43d6e0b5ec1a715fbe9dfa8f08
- SHA1
  
  5342527196894b340321d8fcc71a3a6adcf1bce9
- SHA256
  
  dbb61a60d887156db921acb292375cbf9dfc334a5395f29fadc1441f31e31838
- SHA512
  
  10a3808afb9094b6082b6d2de5fd6ae305b5aa1600cd16c1d38f8fc8cc206e295d01e8321d15829919f71bcf7bc0e4da75dc5585f83d64df1fcf2123f4b836d8
- SSDEEP
  
  12288:Gbk3hHcd8IGtmRUl/DcFEQswdpAssgNOOv8/BArLSNI3yBjNVaLn6FH9B2n6uiw0:GSgm807cOQq80BCcHwn69DYc
Score

10^/10

agenttesla discovery evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryevasionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryevasionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy