agenttesla | 30673ca4675d75d6597d5a1bc76ada58e20603961532bd0dcd429fe7879a73f0 | Triage

Submit
Reports

Overview

overview

Static

static

3

f7eb3dac5c...18.exe

windows7-x64

f7eb3dac5c...18.exe

windows10-2004-x64

Sharing

General

Target

f7eb3dac5c5fe26865ed2b8724d71227_JaffaCakes118
Size

723KB
Sample

240926-jtv6jawckj
MD5

f7eb3dac5c5fe26865ed2b8724d71227
SHA1

1f2a69cbbcd9a761184bf06ae80afa0aed7dc4ad
SHA256

30673ca4675d75d6597d5a1bc76ada58e20603961532bd0dcd429fe7879a73f0
SHA512

926d5da446882d1fe28b47041e3e12a84bdb338e08bfaba48dd87262cd4caf563b446b35eb18639537a9f40c7f0680135a3cb003ba10948e69f3174ecb9b5d24
SSDEEP

12288:pBLZi970Oz6hGy01Oc0D8E40XpXyxnY2b0d3qpLvEQm103pJ5:DLZ7AOHoWXpUY534qmpJ5

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f7eb3dac5c5fe26865ed2b8724d71227_JaffaCakes118.exe

Resource

win7-20240708-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f7eb3dac5c5fe26865ed2b8724d71227_JaffaCakes118.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
@Mexico1.,

Targets

- Target
  
  f7eb3dac5c5fe26865ed2b8724d71227_JaffaCakes118
- Size
  
  723KB
- MD5
  
  f7eb3dac5c5fe26865ed2b8724d71227
- SHA1
  
  1f2a69cbbcd9a761184bf06ae80afa0aed7dc4ad
- SHA256
  
  30673ca4675d75d6597d5a1bc76ada58e20603961532bd0dcd429fe7879a73f0
- SHA512
  
  926d5da446882d1fe28b47041e3e12a84bdb338e08bfaba48dd87262cd4caf563b446b35eb18639537a9f40c7f0680135a3cb003ba10948e69f3174ecb9b5d24
- SSDEEP
  
  12288:pBLZi970Oz6hGy01Oc0D8E40XpXyxnY2b0d3qpLvEQm103pJ5:DLZ7AOHoWXpUY534qmpJ5
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy