agenttesla | 9140af1d2cebd19b0824cb72ebf8e13cbf8e4185d3857b5f59e22d169f271266 | Triage

Submit
Reports

Overview

overview

Static

static

5

9140af1d2c...66.exe

windows7-x64

9140af1d2c...66.exe

windows10-2004-x64

Sharing

General

Target

9140af1d2cebd19b0824cb72ebf8e13cbf8e4185d3857b5f59e22d169f271266
Size

949KB
Sample

250107-bm6dxsyrbk
MD5

4aef018174ba30b2b7a44df0f765dcb9
SHA1

de625e63b0fa9694b40e7d329d0d76b6044ae4a3
SHA256

9140af1d2cebd19b0824cb72ebf8e13cbf8e4185d3857b5f59e22d169f271266
SHA512

372687b38ac0c7f0f61a820c1f56ceffe0a6442f17871c848fc0b45e6216f3ab98e2c9c0c500cfcd424033caa1f060dd8b3fbdd2419c9cd9e058b22aeb6dbad4
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaCAPfW/56jZOz/L5D:7JZoQrbTFZY1iaCAnW/6Mz/L5D

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9140af1d2cebd19b0824cb72ebf8e13cbf8e4185d3857b5f59e22d169f271266.exe

Resource

win7-20240729-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9140af1d2cebd19b0824cb72ebf8e13cbf8e4185d3857b5f59e22d169f271266.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  9140af1d2cebd19b0824cb72ebf8e13cbf8e4185d3857b5f59e22d169f271266
- Size
  
  949KB
- MD5
  
  4aef018174ba30b2b7a44df0f765dcb9
- SHA1
  
  de625e63b0fa9694b40e7d329d0d76b6044ae4a3
- SHA256
  
  9140af1d2cebd19b0824cb72ebf8e13cbf8e4185d3857b5f59e22d169f271266
- SHA512
  
  372687b38ac0c7f0f61a820c1f56ceffe0a6442f17871c848fc0b45e6216f3ab98e2c9c0c500cfcd424033caa1f060dd8b3fbdd2419c9cd9e058b22aeb6dbad4
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCAPfW/56jZOz/L5D:7JZoQrbTFZY1iaCAnW/6Mz/L5D
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy