agenttesla | e66ed8d87430588f029d4ed6787d54de508b271fca3d2266023ae1f0c69d75e2 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...e3.exe

windows7-x64

JaffaCakes...e3.exe

windows10-2004-x64

7

$PLUGINSDI...mq.dll

windows7-x64

$PLUGINSDI...mq.dll

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_f1e3f54edbeffd5786fb49487872f2e3
Size

453KB
Sample

250111-aer1wswrdp
MD5

f1e3f54edbeffd5786fb49487872f2e3
SHA1

22418d61c9a779f6a1e651928ba86b36755abd78
SHA256

e66ed8d87430588f029d4ed6787d54de508b271fca3d2266023ae1f0c69d75e2
SHA512

c8a029af97c5ded5cb3aaccba31b6f0753d6a92c49c93f22e1cc20061ec2a29fd2d033b643e1fa4ea1f39f3cb1a9fa4980aae078c9a510e717ec294a260316a1
SSDEEP

6144:pBlL/cC95z7t6MRObOjPnEezm7m6mBmtRm+mQsUKCI887/+JUrhoItI8SCjegF5A:PObbazoTFQ99qX9NZQZ3The

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_f1e3f54edbeffd5786fb49487872f2e3.exe

Resource

win7-20241010-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_f1e3f54edbeffd5786fb49487872f2e3.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/cxapxirycmq.dll

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/cxapxirycmq.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_f1e3f54edbeffd5786fb49487872f2e3
- Size
  
  453KB
- MD5
  
  f1e3f54edbeffd5786fb49487872f2e3
- SHA1
  
  22418d61c9a779f6a1e651928ba86b36755abd78
- SHA256
  
  e66ed8d87430588f029d4ed6787d54de508b271fca3d2266023ae1f0c69d75e2
- SHA512
  
  c8a029af97c5ded5cb3aaccba31b6f0753d6a92c49c93f22e1cc20061ec2a29fd2d033b643e1fa4ea1f39f3cb1a9fa4980aae078c9a510e717ec294a260316a1
- SSDEEP
  
  6144:pBlL/cC95z7t6MRObOjPnEezm7m6mBmtRm+mQsUKCI887/+JUrhoItI8SCjegF5A:PObbazoTFQ99qX9NZQZ3The
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/cxapxirycmq.dll
- Size
  
  20KB
- MD5
  
  f9c99f7e3b80bd0757ccad6a4ee2c795
- SHA1
  
  e487ee3c5fc3d1e0817a8c5646ed042312a8ad83
- SHA256
  
  963d2beb680b2f7b490063c3f248ae28fdadec39b0b9542c4b79a48f07bbd907
- SHA512
  
  c4ed2f2dc2b6d79f3f37433023428bfe7607360e257864e29fab249619e666df5b00542640d89f29ae510f83e514b41eba14fcc3232e9416a0b8e248eb59b01c
- SSDEEP
  
  384:7ANhp0pWEbbJVpptCxAoNI2M+qjMoejTJ1Yl5Zn:Ghp0cEbbJPp/NQoyJ1Y7Z
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4

© 2018-2025

Terms | Privacy