agenttesla | f1524c285f261aa6f27649e93e175af037f13f043220fa5067ea8fbd9f18de88 | Triage

Submit
Reports

Overview

overview

Static

static

3

Ref#1605338.exe

windows7-x64

7

Ref#1605338.exe

windows10-2004-x64

Sharing

General

Target

f1524c285f261aa6f27649e93e175af037f13f043220fa5067ea8fbd9f18de88
Size

24KB
Sample

241017-bv46tsvcpf
MD5

f8fa0d36704535d59d6e59fddee92d78
SHA1

0b87c985a181afdf8d4c51bd0912654e1f77ab70
SHA256

f1524c285f261aa6f27649e93e175af037f13f043220fa5067ea8fbd9f18de88
SHA512

102369be251c909458e2175e7f726a6a4211a8bb5918e548c8ab3bedb0491c260956111e39c66d55612dd2d472eedf31f280b3cfa5260fafa51bf3036c1ca64b
SSDEEP

768:WerqV12hA6Uhk/nFzWKI+WfTm/1NSxd/AqO:Zrq89JvBW4DsQ

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Ref#1605338.exe

Resource

win7-20240729-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ref#1605338.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
ABwuRZS5Mjh5
Email To:
[email protected]

Targets

- Target
  
  Ref#1605338.exe
- Size
  
  116KB
- MD5
  
  2b1db5315348f2450af136754ebbb7fd
- SHA1
  
  153b2c05fdf35b77f2fb913ef6f504abc56a6d2b
- SHA256
  
  76c32944e75b71da837b7b0b2e434aead9af0a352204979b5f7ab7112f378b49
- SHA512
  
  8eee7d9a5364ef00698c5b2896fd5211eb5087f313a3e9907d7f980311a786423a4224fc69c163e96feb94208799bdf8cc804661ae8f984d226a6d335dc873f9
- SSDEEP
  
  1536:9Ss1SilfYfSqfIpxUhWJ7JGabSvadnbulIpJ5hmJ:kilzpRJdGLadnbulIpJ5hC
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy