agenttesla | 4202f7fb5710bdb128f6619b2f441cca74c2637267cb1a37b955d7563522ac1b | Triage

Sharing

General

Target

4202f7fb5710bdb128f6619b2f441cca74c2637267cb1a37b955d7563522ac1b
Size

6.0MB
Sample

250116-bgbx5avkek
MD5

dbcf2eee040be2f2c3db3bda7ed99cac
SHA1

e49e4eefc8facaf8ddfde019234b1182039cc74d
SHA256

4202f7fb5710bdb128f6619b2f441cca74c2637267cb1a37b955d7563522ac1b
SHA512

4d5422ddb561f61cae0a9b8ff85bfc0735a3d7a87eaaf4d55759937495e6c4cdc49b84b2e3bfdffddbab28f9e1da8b67eb50d978acc8deef6dc5484ff3f0ad2b
SSDEEP

98304:+Tzfolyi0EtiLUphlSJIOefBKON9yzxnsPbwPSeGZTqqN2uvDhM37h9JhrfWSiMS:+Tzfyy8gjIPUOrKtsPbKSedqN2AGLhra

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7220431026:AAHszs0XzPcajloTXlLJDVKab99uNUvPaok/

Targets

- Target
  
  Adag_Quotation_2025-1-14.exe
- Size
  
  51KB
- MD5
  
  a2e9a84eae8e9aaa4bb868bb66f49ce0
- SHA1
  
  f07429c1bc59a2635ac4643482f5e4fd9cbec8ca
- SHA256
  
  e4dbe778ab4b0e7df0897c648caf862ed25d15287754c90533ec755a6629e71b
- SHA512
  
  dfe534cad23933d9335d8d196a4e215916d2579986222cb4b45b7b88eba3ea6f908750f06c33f7fe9c6337b125ea0408019c2324ca5360e3baacc02a67e919d6
- SSDEEP
  
  768:essD+DOMB/IhjWxz8bUDGt9l20Gu/aG9yGON3PKILYijFUs3h+q:ej89GSob7vY0Gu/cV/L7Zv3h+q
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  heif.dll
- Size
  
  1.3MB
- MD5
  
  53ef71e5b537ee5b4c1dac26142781e0
- SHA1
  
  5c615a3558e1ae87d1af51a205893b10d50fc0d0
- SHA256
  
  0338d145cd8031fe359cc4d5feb62060aecee9fab76f58c76f31e4f2167e11d4
- SHA512
  
  7e92cc792ec93433d4ae1220d7e3d3c6c763d220e5123a1f1ca0e6ad282c4015de9a05ed7011274b16b56bdcfb91a3966b4ef18b69ec5c084c569cc3a50fc27b
- SSDEEP
  
  24576:PpMjSJGKw1B5R8Wc7G0gfdUFg3CbypD2lMJd05FXDDnvjWQx/KhxWuuWW7UNbryB:PpsSJGKwzX8MfdUFg3CbypD2lMJd05F1
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  libde265.dll
- Size
  
  12.4MB
- MD5
  
  0f07a713108d251c74b235b11b323b93
- SHA1
  
  f03f2e4e8843e039ae956cc7c2ce0dd1b3323e18
- SHA256
  
  e35a0f3e82daf61614b69c1bf096fad9c1fb68de33579667be0eb43d2858c9e6
- SHA512
  
  7c37c93b01ab44282298975136cb11e34d9ad39fd40960cbbf746451c4396fd0bacfc58ba8925921f4d02460e4982da780fe756a1e8eea25d9b79956eb0ea437
- SSDEEP
  
  393216:iFziWEngnLZiYyR/4uQ5kEgwDRsaFFjURvH8jeVU7/TrwibUJ/KJDfd0:OfdiYyR/4uQ5kEgwDRsaFFjURvH8jeVH
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of SetThreadContext
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral5

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral6

agenttesladiscoverykeyloggerspywarestealertrojan