agenttesla | 8aca79c93ec42b8bd01a7dc5658d82c8282738cf178428ba68abfe64f2bfc24f | Triage

Submit
Reports

Overview

overview

Static

static

1

8aca79c93e...4f.hta

windows7-x64

8

8aca79c93e...4f.hta

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

8aca79c93ec42b8bd01a7dc5658d82c8282738cf178428ba68abfe64f2bfc24f.hta
Size

164KB
Sample

241018-cldg7a1ajf
MD5

63144d8097791d805f2e04403fea9727
SHA1

a6b828a4351d7d623e9f46ce3dac78f83a145f4e
SHA256

8aca79c93ec42b8bd01a7dc5658d82c8282738cf178428ba68abfe64f2bfc24f
SHA512

6fa04043272a24c1f5bc89fcb0a3fe954e16f51d1257aa25980be5e0517bcdd5e541a25fa01eac50b479b9c945db08497d76f5f4b1d264f0c86b4820ec7dcf4d
SSDEEP

48:7oa+awjz7eWLB227r05bBqeTqfxtRzpyaLGf10px/YsfyfAgs80iJAT:Ea+n7j7wO3HZkUfy4SAT

Score

10^/10

agenttesla defense_evasion discovery execution keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

8aca79c93ec42b8bd01a7dc5658d82c8282738cf178428ba68abfe64f2bfc24f.hta

Resource

win7-20240903-en

defense_evasion discovery execution

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8aca79c93ec42b8bd01a7dc5658d82c8282738cf178428ba68abfe64f2bfc24f.hta

Resource

win10v2004-20241007-en

agenttesla defense_evasion discovery execution keylogger spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.synergyinnovationsgroup.com
Port:
587
Username:
[email protected]
Password:
C@p-Y8BoHc#?
Email To:
[email protected]

Targets

- Target
  
  8aca79c93ec42b8bd01a7dc5658d82c8282738cf178428ba68abfe64f2bfc24f.hta
- Size
  
  164KB
- MD5
  
  63144d8097791d805f2e04403fea9727
- SHA1
  
  a6b828a4351d7d623e9f46ce3dac78f83a145f4e
- SHA256
  
  8aca79c93ec42b8bd01a7dc5658d82c8282738cf178428ba68abfe64f2bfc24f
- SHA512
  
  6fa04043272a24c1f5bc89fcb0a3fe954e16f51d1257aa25980be5e0517bcdd5e541a25fa01eac50b479b9c945db08497d76f5f4b1d264f0c86b4820ec7dcf4d
- SSDEEP
  
  48:7oa+awjz7eWLB227r05bBqeTqfxtRzpyaLGf10px/YsfyfAgs80iJAT:Ea+n7j7wO3HZkUfy4SAT
Score

10^/10

defense_evasion discovery execution agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Evasion via Device Credential Deployment
  defense_evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecution

behavioral2

agenttesladefense_evasiondiscoveryexecutionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy