agenttesla | 4f72f52545b73d039d37755b2f7c1aecea39abd72fa0dedf8081a03439406ab5 | Triage

Submit
Reports

Overview

overview

Static

static

1

DHL Confir...66.exe

windows7-x64

DHL Confir...66.exe

windows10-2004-x64

Sharing

General

Target

DHL Confirmation AWB200519089966.exe
Size

788KB
Sample

230322-qf4zvagh89
MD5

7b27f3ba2751b9eb00f4ff7bee50acae
SHA1

155b2977eb76171d1709c923df1f35b7e02b262c
SHA256

4f72f52545b73d039d37755b2f7c1aecea39abd72fa0dedf8081a03439406ab5
SHA512

f603c153b75f86997d587390f17a240ba3908b00173f83ec460e47207a7b9381d6bdb727ca75ec45a7cdcc223002540642ff4e1491a7650ec81c585e83a44f80
SSDEEP

12288:tyLttx8pfCqPNSXAtOOlbwaIWy5yw2RmNSlE3H4NW7GrRyb9:3pfCWtbbwSDw23EX4NW7GrRyh

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

DHL Confirmation AWB200519089966.exe

Resource

win7-20230220-en

agenttesla keylogger persistence spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHL Confirmation AWB200519089966.exe

Resource

win10v2004-20230220-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.shekharlogistics.com
Port:
587
Username:
[email protected]
Password:
asm@1234
Email To:
[email protected]

Targets

- Target
  
  DHL Confirmation AWB200519089966.exe
- Size
  
  788KB
- MD5
  
  7b27f3ba2751b9eb00f4ff7bee50acae
- SHA1
  
  155b2977eb76171d1709c923df1f35b7e02b262c
- SHA256
  
  4f72f52545b73d039d37755b2f7c1aecea39abd72fa0dedf8081a03439406ab5
- SHA512
  
  f603c153b75f86997d587390f17a240ba3908b00173f83ec460e47207a7b9381d6bdb727ca75ec45a7cdcc223002540642ff4e1491a7650ec81c585e83a44f80
- SSDEEP
  
  12288:tyLttx8pfCqPNSXAtOOlbwaIWy5yw2RmNSlE3H4NW7GrRyb9:3pfCWtbbwSDw23EX4NW7GrRyh
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy