agenttesla | 7428cf1032e1f721a99c20844e61417d354002f2439e3b240c1fccca5764c998 | Triage

Submit
Reports

Overview

overview

Static

static

3

7428cf1032...98.exe

windows7-x64

7428cf1032...98.exe

windows10-2004-x64

Sharing

General

Target

7428cf1032e1f721a99c20844e61417d354002f2439e3b240c1fccca5764c998
Size

1.2MB
Sample

250111-byqgvaxlcv
MD5

b45cff738ede029e07b9999764233a1f
SHA1

e05cbdd2e8e188ac15a0cc20e214b17492efdf3c
SHA256

7428cf1032e1f721a99c20844e61417d354002f2439e3b240c1fccca5764c998
SHA512

976d0362e56b1dd0d6487acfc6b00ab4c9e0d532eb02139c27c4f538cb56525d66c4de1c8a70f2f8fb999fe6bfddcbf90c927d3af221b79b6de20c97e19fa212
SSDEEP

24576:yOR6Uzpk4DdsvLv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:yOR6H7ljLoyEkmZ9Y14

Score

10^/10

agenttesla collection credential_access discovery keylogger persistence privilege_escalation spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7428cf1032e1f721a99c20844e61417d354002f2439e3b240c1fccca5764c998.exe

Resource

win7-20240903-en

agenttesla collection credential_access discovery keylogger persistence privilege_escalation spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

7428cf1032e1f721a99c20844e61417d354002f2439e3b240c1fccca5764c998.exe

Resource

win10v2004-20241007-en

agenttesla collection credential_access discovery keylogger persistence privilege_escalation spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.shoegalleryonline.com
Port:
587
Username:
[email protected]
Password:
Michelle2140!

Targets

- Target
  
  7428cf1032e1f721a99c20844e61417d354002f2439e3b240c1fccca5764c998
- Size
  
  1.2MB
- MD5
  
  b45cff738ede029e07b9999764233a1f
- SHA1
  
  e05cbdd2e8e188ac15a0cc20e214b17492efdf3c
- SHA256
  
  7428cf1032e1f721a99c20844e61417d354002f2439e3b240c1fccca5764c998
- SHA512
  
  976d0362e56b1dd0d6487acfc6b00ab4c9e0d532eb02139c27c4f538cb56525d66c4de1c8a70f2f8fb999fe6bfddcbf90c927d3af221b79b6de20c97e19fa212
- SSDEEP
  
  24576:yOR6Uzpk4DdsvLv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:yOR6H7ljLoyEkmZ9Y14
Score

10^/10

agenttesla collection credential_access discovery keylogger persistence privilege_escalation spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerpersistenceprivilege_escalationspywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerpersistenceprivilege_escalationspywarestealertrojan

© 2018-2025

Terms | Privacy