agenttesla | 3ce79a98923281b0d7b172cbaf67cbedda8b113cc09034f243e4b4075aa4bd34 | Triage

Submit
Reports

Overview

overview

Static

static

IAENMAIL-A...df.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

IAENMAIL-A4-220520-0830-0002708_pdf.gz
Size

728KB
Sample

220923-kelh8ahfdk
MD5

11086efe0ab985e0a597eca8c43645bf
SHA1

9f7aef4c6b0886d77b4ecc5c445d0b3a4fe2a543
SHA256

3ce79a98923281b0d7b172cbaf67cbedda8b113cc09034f243e4b4075aa4bd34
SHA512

e1bfdd9b36c41640c12a1cd5a19cc80fa46f51f083969c5df187873bd7738ea69f5a9349dc2384058bb966262cd641e287292b90760e5e5b726601c43499d8af
SSDEEP

12288:ya3G9y6ZhjN24MxLQwLP6G0y+0e+ndGOyD+KmIhJkXFQysg6vRrwi4bOr4:ya3GHhB2XiKPwyXeNfhmIDkzsgelEO0

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

IAENMAIL-A4-220520-0830-0002708.pdf.exe

Resource

win10v2004-20220812-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2122434962:AAFqluKwJfwmfN8BZ9xq0IjlIijJbDmwbKs/

Targets

- Target
  
  IAENMAIL-A4-220520-0830-0002708.pdf.exe
- Size
  
  996KB
- MD5
  
  88b3065b14e84870d2f9095620213771
- SHA1
  
  703ea473236a39ccbc0c9e738c4db97b4502ba86
- SHA256
  
  24afad2bf798a2fb2052ab4cbb97c27830d1fdc1cf745e00c533b2dd7d6a0ec7
- SHA512
  
  dd4f87a8dfde1a46ef5c2c5ab20d263600b4427e1d20a4d918a2a6e7b8b75bf64f75a7c313412421c4f34a890953c76c3093d0d95bf2c1ee5873dca95747b3f9
- SSDEEP
  
  12288:JhLuyAH96igYdCABvV8TrV0NM0gqeFYN+GlbKNfeBErfrpuZbU:JhLuyyEYQSvV8TrKNMZYocKQWo
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy