agenttesla | 1ff2fd90e77ffcfc8abc0248b9c08e460cfb04c1865ad1d3628f26c5b60c5a07 | Triage

Submit
Reports

Overview

overview

Static

static

3

RPLTFL024962021.exe

windows7-x64

RPLTFL024962021.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_e8d1ee46ef1dcfe29eb2817c8d7f0614
Size

615KB
Sample

250110-tyrzsazjex
MD5

e8d1ee46ef1dcfe29eb2817c8d7f0614
SHA1

fde9987bfb20f9ffe8b1f446112009c4a261a12a
SHA256

1ff2fd90e77ffcfc8abc0248b9c08e460cfb04c1865ad1d3628f26c5b60c5a07
SHA512

3ca1bcd680106e2e73bd9523b87c42defe4038250989ead262e4dbc5b86f9885f46ce337f92fa5d8a7a181bd7099ab57cf8f85e3fba582b9422f6d21ae710ba1
SSDEEP

12288:uh3RifInPj7TY2BxRNa+1SI8p8wLIxAtdLHze06NqL:g3Ey/JNa+1SMwLIxAtBHzzJL

Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RPLTFL024962021.exe

Resource

win7-20240729-en

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

RPLTFL024962021.exe

Resource

win10v2004-20241007-en

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
uscentral50.myserverhosts.com
Port:
587
Username:
[email protected]
Password:
waters@789

Targets

- Target
  
  RPLTFL024962021.exe
- Size
  
  532KB
- MD5
  
  000b20cafe3744650b7247750d511876
- SHA1
  
  08204bead740b34c4628daf7888ac0a10db4d146
- SHA256
  
  de54f743f7013404a6b143790034fbdc9636f75dfb1d914c6c3176ade71d0e61
- SHA512
  
  5669912fa0e06a2e1a34466973e3e6028a83cf0ea7fe64fb5cd79878cb3a2cae01533acdd31d17051bd0baa739804c0af1bd57b0e78367863227155fc50f2f45
- SSDEEP
  
  12288:U6GEEyLdRgd1pmAkw2TySu7v6rnq+8+qKNI9:UadRqYH1u7ij98+I
Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy