agenttesla | 56a70c1c451dbe2ca1f0cd49d8f7783846ac5b17066f25c9e13528518ab04e68 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

PO. 5502276195.exe

windows7-x64

PO. 5502276195.exe

windows10-2004-x64

Sharing

General

Target

56a70c1c451dbe2ca1f0cd49d8f7783846ac5b17066f25c9e13528518ab04e68
Size

606KB
Sample

241211-bj81mssraq
MD5

b0cba0f7860e10b2c629698ad9d8cfda
SHA1

0d91088c1ec6db586b6cd013a7e0821b41f4b263
SHA256

56a70c1c451dbe2ca1f0cd49d8f7783846ac5b17066f25c9e13528518ab04e68
SHA512

bcac265d3ed2106ea60f1c8f80ab5b627cad71016c5245c7712be4ae7d67b06d828f941f81241de95573cc53471cd444f36acf6aa93cb800b6319341fb3d6b9a
SSDEEP

12288:vA3w7Ef95/Ev7aRbArn6k8bZbO26Ws5rJu+la4N8+Lns9e6dt:MwgfHiSu6k8g2CJla4N8cnoeE

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PO. 5502276195.exe

Resource

win7-20240729-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO. 5502276195.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  PO. 5502276195.exe
- Size
  
  1.1MB
- MD5
  
  9338d5cd4b496be1a9d1f05335478acb
- SHA1
  
  7ea1a4f1800f3339616ef6d817e09f48055ee5a5
- SHA256
  
  7caba2182d240833f130242e9d5a728d4ed5b3504c06014420537018c2480b68
- SHA512
  
  107f0c7d144535c2373528141b4993de099b9d8b49d3ca8ffb8e6043a6598cf610e24b28907c362441f93593b7dbf309643fb41036b3d4552d91cc2f890f7015
- SSDEEP
  
  24576:1u6J33O0c+JY5UZ+XC0kGso6FaCxJ1a4JQOnM8pWY:Xu0c++OCvkGs9FaChjJoJY
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy