agenttesla | cf9acd5ce0b5cf930e340ba2b6650df5f7334fe3e3c5a342122895bc6f607bb2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

INQUIRY 20...03.exe

windows7-x64

INQUIRY 20...03.exe

windows10-2004-x64

Sharing

General

Target

cf9acd5ce0b5cf930e340ba2b6650df5f7334fe3e3c5a342122895bc6f607bb2
Size

555KB
Sample

241211-bkat8syjhv
MD5

756186cd098cb4d6df60c20111030b8b
SHA1

af5fd1cac43e575121a135a5159719cffd4da9a6
SHA256

cf9acd5ce0b5cf930e340ba2b6650df5f7334fe3e3c5a342122895bc6f607bb2
SHA512

8efed232639119a6bf7e8688bbb8f56febb0bb9fe7c3906a4bf9309f9208020ecb2a0b0064d5948658695b17b6088adab44fadaf3331286f29ea2b18e010c306
SSDEEP

12288:BNQANYiHoXwLlczaeRhsM5EfwYZRDIQvwEmqxnfBe6O/vdY:jQANY6oXcEae/sM5Ef4EmqxnJQtY

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

INQUIRY 2024-SP0006-B(01) INQ24-012207003.exe

Resource

win7-20241023-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

INQUIRY 2024-SP0006-B(01) INQ24-012207003.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.alltoursegypt.com
Port:
587
Username:
[email protected]
Password:
OPldome23#12klein
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.alltoursegypt.com
Port:
587
Username:
[email protected]
Password:
OPldome23#12klein

Targets

- Target
  
  INQUIRY 2024-SP0006-B(01) INQ24-012207003.exe
- Size
  
  1.0MB
- MD5
  
  8f1fc72d3ee9e32761d1adb4df2653bb
- SHA1
  
  3964bbdef5772138a8676c009441a15e1ccd2d66
- SHA256
  
  6b72b7309b58b078cbca3445adad522360f9032bd607f1389d98f99ed0f7fafb
- SHA512
  
  801b47b8162b310328e332e86a7a5b5bbf7b72c03bddda03ec41a5c328757c64fbd52f5cbd095ef9124a33e22ad13b2223f35accbf79a8a7749db6fff6ea57d1
- SSDEEP
  
  24576:6u6J33O0c+JY5UZ+XC0kGso6FarZQNnTbshRXwDxTiWY:Mu0c++OCvkGs9FarZGnvskVY
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy