agenttesla | cd778d0104c736ba30345dd9563b44ef91af6e67e220c82bce341148fd3a486a | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...13.exe

windows7-x64

JaffaCakes...13.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_9823f7e948183b00c21118b449928b13
Size

402KB
Sample

250105-kjg2la1lcr
MD5

9823f7e948183b00c21118b449928b13
SHA1

3cc0a60deb05754df077d61cfd3686dbf22aaae7
SHA256

cd778d0104c736ba30345dd9563b44ef91af6e67e220c82bce341148fd3a486a
SHA512

3bcb625f108ecedc29bd87bbcced8ebae8c6ba5e54ef14cfd0756b4f161e09aa03dcf2c17f460c8165889b9dcc9bba23ae497494c21122b56498abc9455df5be
SSDEEP

6144:kTIsqMJytt5RxiGMByZk1YjSn1bojcLv8DIW6myoN3+K2DGH8LA5AsXnY:8ZqMoYmj8bosnBmv+ZZLmAso

Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_9823f7e948183b00c21118b449928b13.exe

Resource

win7-20241010-en

agenttesla collection credential_access discovery keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_9823f7e948183b00c21118b449928b13.exe

Resource

win10v2004-20241007-en

agenttesla collection credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1842959733:AAFY3p5rwdG6JV0Y6_CQjuDBIdfxG4yDKKA/sendDocument

Targets

- Target
  
  JaffaCakes118_9823f7e948183b00c21118b449928b13
- Size
  
  402KB
- MD5
  
  9823f7e948183b00c21118b449928b13
- SHA1
  
  3cc0a60deb05754df077d61cfd3686dbf22aaae7
- SHA256
  
  cd778d0104c736ba30345dd9563b44ef91af6e67e220c82bce341148fd3a486a
- SHA512
  
  3bcb625f108ecedc29bd87bbcced8ebae8c6ba5e54ef14cfd0756b4f161e09aa03dcf2c17f460c8165889b9dcc9bba23ae497494c21122b56498abc9455df5be
- SSDEEP
  
  6144:kTIsqMJytt5RxiGMByZk1YjSn1bojcLv8DIW6myoN3+K2DGH8LA5AsXnY:8ZqMoYmj8bosnBmv+ZZLmAso
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy