agenttesla | b7658612c080e27a2e17e20cff2fa72616d8855f0bd0ab85af9cf4605d54255b | Triage

Submit
Reports

Overview

overview

Static

static

3

45e6ff0566...18.exe

windows7-x64

45e6ff0566...18.exe

windows10-2004-x64

Sharing

General

Target

45e6ff05665da4f3648e08628150f7f1_JaffaCakes118
Size

720KB
Sample

241015-fcvlwszbqm
MD5

45e6ff05665da4f3648e08628150f7f1
SHA1

fbf09cf12b49898388445d1e8f40a47d2373a4f6
SHA256

b7658612c080e27a2e17e20cff2fa72616d8855f0bd0ab85af9cf4605d54255b
SHA512

5c8d8d7b5a1438549cfa880d2d6eed06a1e3d8fe90c5474b41a881e268dd576b86cc8a5939ec590e52d77beb521314e774c2dbf22eda842c9f489ef81ca301c1
SSDEEP

12288:rZ8eJsPAXDbwsUP3gwKZFdUsR1vbBIKKA3NMFTY++Tq0cmD4VHfQe6ZyWshg+qb7:OPWUP3+UsvlIKKAdMFs++D4VHfQe6ZyG

Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

45e6ff05665da4f3648e08628150f7f1_JaffaCakes118.exe

Resource

win7-20240903-en

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

45e6ff05665da4f3648e08628150f7f1_JaffaCakes118.exe

Resource

win10v2004-20241007-en

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1335107831:AAGZPoo67JukV78LJI16BeQqy3whx-zI59g/sendDocument

Targets

- Target
  
  45e6ff05665da4f3648e08628150f7f1_JaffaCakes118
- Size
  
  720KB
- MD5
  
  45e6ff05665da4f3648e08628150f7f1
- SHA1
  
  fbf09cf12b49898388445d1e8f40a47d2373a4f6
- SHA256
  
  b7658612c080e27a2e17e20cff2fa72616d8855f0bd0ab85af9cf4605d54255b
- SHA512
  
  5c8d8d7b5a1438549cfa880d2d6eed06a1e3d8fe90c5474b41a881e268dd576b86cc8a5939ec590e52d77beb521314e774c2dbf22eda842c9f489ef81ca301c1
- SSDEEP
  
  12288:rZ8eJsPAXDbwsUP3gwKZFdUsR1vbBIKKA3NMFTY++Tq0cmD4VHfQe6ZyWshg+qb7:OPWUP3+UsvlIKKAdMFs++D4VHfQe6ZyG
Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy