agenttesla | 74a772134e325f53cb54809a228f2cf32763ecd6138d67160d9ab14f6e65ed4b | Triage

Submit
Reports

Overview

overview

Static

static

1

ORDER ENQUIRY.rtf

windows7-x64

ORDER ENQUIRY.rtf

windows10-2004-x64

1

Sharing

General

Target

ORDER ENQUIRY.doc
Size

5KB
Sample

230213-lfbwvabf4t
MD5

f171857a9cc7939cc152f43316ee30d9
SHA1

50a88884f5cae5469a6558e67fbf3bc12b473a5b
SHA256

74a772134e325f53cb54809a228f2cf32763ecd6138d67160d9ab14f6e65ed4b
SHA512

b4f6b2f8ba31a817ab502bc8332286fc0707ad94ffb254b5e2afdfe5f486fdf9285f33fdecbd9fb973faf4dfbf4ca565547503b8238dd3af4b1e3aa80ecb2216
SSDEEP

96:AiAAwiD2riQQvYMM+nHkWQ8hS+FueiyMolGj1U:pAAwivQQv8W5S+Fue7MolGj1U

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ORDER ENQUIRY.rtf

Resource

win7-20221111-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDER ENQUIRY.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1073351841217261789/NnPDWHoGskysnt_cVO37Yvso4HCKBMX4OJzJQ65V2g-M4gX029QlSHO_kclyL9PXI8Lw

Targets

- Target
  
  ORDER ENQUIRY.doc
- Size
  
  5KB
- MD5
  
  f171857a9cc7939cc152f43316ee30d9
- SHA1
  
  50a88884f5cae5469a6558e67fbf3bc12b473a5b
- SHA256
  
  74a772134e325f53cb54809a228f2cf32763ecd6138d67160d9ab14f6e65ed4b
- SHA512
  
  b4f6b2f8ba31a817ab502bc8332286fc0707ad94ffb254b5e2afdfe5f486fdf9285f33fdecbd9fb973faf4dfbf4ca565547503b8238dd3af4b1e3aa80ecb2216
- SSDEEP
  
  96:AiAAwiD2riQQvYMM+nHkWQ8hS+FueiyMolGj1U:pAAwivQQv8W5S+Fue7MolGj1U
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy