agenttesla | ba1e358e70a05c1b265f128f7a7929484a37505bcb3eb3b8a56bc8a6600acdaa | Triage

Submit
Reports

Overview

overview

Static

static

3

ba1e358e70...aa.exe

windows7-x64

ba1e358e70...aa.exe

windows10-2004-x64

Sharing

General

Target

ba1e358e70a05c1b265f128f7a7929484a37505bcb3eb3b8a56bc8a6600acdaa
Size

1.5MB
Sample

250112-bs2b6a1lcp
MD5

db8f710057943cb3dce2046e25e6e35b
SHA1

7a34852dbc16c59a4925b941df8866a1c0eb2c57
SHA256

ba1e358e70a05c1b265f128f7a7929484a37505bcb3eb3b8a56bc8a6600acdaa
SHA512

aaf40ad8629af9af78afdcf356e5a0876ed08ad90323f29ac8cbff816d8f320aa986be0ed2efa753e8716b7cfa9d321721b5a126b0c36326842fb7dc42f78431
SSDEEP

24576:ff5+TDX7PGhhh4V/awamfnHz8rwWGjFlshfyv1RIAhjLoamMiX4lNmZg0YxegPb3:CDX7ufKHYfuPsojLoyEkmZ9Y14

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ba1e358e70a05c1b265f128f7a7929484a37505bcb3eb3b8a56bc8a6600acdaa.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba1e358e70a05c1b265f128f7a7929484a37505bcb3eb3b8a56bc8a6600acdaa.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.manpowerpooling.ro/
Port:
21
Username:
[email protected]
Password:
[I!(NTu2sMRF}[FaDaA+ExX&vf;nA7XhGBkd

Targets

- Target
  
  ba1e358e70a05c1b265f128f7a7929484a37505bcb3eb3b8a56bc8a6600acdaa
- Size
  
  1.5MB
- MD5
  
  db8f710057943cb3dce2046e25e6e35b
- SHA1
  
  7a34852dbc16c59a4925b941df8866a1c0eb2c57
- SHA256
  
  ba1e358e70a05c1b265f128f7a7929484a37505bcb3eb3b8a56bc8a6600acdaa
- SHA512
  
  aaf40ad8629af9af78afdcf356e5a0876ed08ad90323f29ac8cbff816d8f320aa986be0ed2efa753e8716b7cfa9d321721b5a126b0c36326842fb7dc42f78431
- SSDEEP
  
  24576:ff5+TDX7PGhhh4V/awamfnHz8rwWGjFlshfyv1RIAhjLoamMiX4lNmZg0YxegPb3:CDX7ufKHYfuPsojLoyEkmZ9Y14
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy