agenttesla | 70318338716385738116421a0b52bb7d2b4b55975d138c353a0c70739ce6071f | Triage

Submit
Reports

Overview

overview

Static

static

5

7031833871...fN.exe

windows7-x64

7031833871...fN.exe

windows10-2004-x64

Sharing

General

Target

70318338716385738116421a0b52bb7d2b4b55975d138c353a0c70739ce6071fN
Size

1.2MB
Sample

241009-dq1nystamg
MD5

92a9830045bbc0c579e93a43f4a2bac0
SHA1

71948f109381a544a68fe60a80552cc80cc711f7
SHA256

70318338716385738116421a0b52bb7d2b4b55975d138c353a0c70739ce6071f
SHA512

5a6345eb06e6ed34fc690ba30a5f780a02a4d1da08d2e430dcf0b60d0149b34e62c115b3d8a199f6109626b757c0a676da0f0515e738593ddfff1f2db2c1148e
SSDEEP

24576:ffmMv6Ckr7Mny5QLEEmLytGg0CyrDbQ0Y/iEOmnv:f3v+7/5QLbmAGgFy3b3YMmv

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

70318338716385738116421a0b52bb7d2b4b55975d138c353a0c70739ce6071fN.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

70318338716385738116421a0b52bb7d2b4b55975d138c353a0c70739ce6071fN.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  70318338716385738116421a0b52bb7d2b4b55975d138c353a0c70739ce6071fN
- Size
  
  1.2MB
- MD5
  
  92a9830045bbc0c579e93a43f4a2bac0
- SHA1
  
  71948f109381a544a68fe60a80552cc80cc711f7
- SHA256
  
  70318338716385738116421a0b52bb7d2b4b55975d138c353a0c70739ce6071f
- SHA512
  
  5a6345eb06e6ed34fc690ba30a5f780a02a4d1da08d2e430dcf0b60d0149b34e62c115b3d8a199f6109626b757c0a676da0f0515e738593ddfff1f2db2c1148e
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLEEmLytGg0CyrDbQ0Y/iEOmnv:f3v+7/5QLbmAGgFy3b3YMmv
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy