agenttesla | b88d4191fa5c0323acbe3ce49ae0a5d3f5e85382f59a91da08e5f601a57f2ce0 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...98.exe

windows7-x64

JaffaCakes...98.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_9cf8b43bd3a4745ffac6ed014f47a398
Size

915KB
Sample

250108-nj6azazphk
MD5

9cf8b43bd3a4745ffac6ed014f47a398
SHA1

c496bfb1531bebff3e8e28cb9ccbda8a33c42288
SHA256

b88d4191fa5c0323acbe3ce49ae0a5d3f5e85382f59a91da08e5f601a57f2ce0
SHA512

083aa5c79a4c5676cc55773eb6cbb586681c6b2ef48ba9e9b9a5593af701a966a4f46fad921b83f0dd4c8eb8c3fdc0180ddd78c3be19d1d0569725173c5cd993
SSDEEP

12288:e1ExgKPSvX7zCxcoirdwHwhjm+2c1a2uVXpfF7QOYZFkDOglzAKp:1G0STGxcacjahDlDp

Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_9cf8b43bd3a4745ffac6ed014f47a398.exe

Resource

win7-20240708-en

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_9cf8b43bd3a4745ffac6ed014f47a398.exe

Resource

win10v2004-20241007-en

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.royals-store.com
Port:
587
Username:
[email protected]
Password:
Experience1994

Targets

- Target
  
  JaffaCakes118_9cf8b43bd3a4745ffac6ed014f47a398
- Size
  
  915KB
- MD5
  
  9cf8b43bd3a4745ffac6ed014f47a398
- SHA1
  
  c496bfb1531bebff3e8e28cb9ccbda8a33c42288
- SHA256
  
  b88d4191fa5c0323acbe3ce49ae0a5d3f5e85382f59a91da08e5f601a57f2ce0
- SHA512
  
  083aa5c79a4c5676cc55773eb6cbb586681c6b2ef48ba9e9b9a5593af701a966a4f46fad921b83f0dd4c8eb8c3fdc0180ddd78c3be19d1d0569725173c5cd993
- SSDEEP
  
  12288:e1ExgKPSvX7zCxcoirdwHwhjm+2c1a2uVXpfF7QOYZFkDOglzAKp:1G0STGxcacjahDlDp
Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy