agenttesla | 4278d68fa6e6266797239e12bed7b937b48f1f80decc16261b84a485f4b08ea0 | Triage

Submit
Reports

Overview

overview

Static

static

3

IMG_6087721402pdf.exe

windows7-x64

IMG_6087721402pdf.exe

windows10-2004-x64

Sharing

General

Target

IMG_6087721402pdf.exe.bin
Size

1.4MB
Sample

230501-ydgqjahg9v
MD5

3334a90396005ed7feeae9dd18f7e678
SHA1

6a6e79258939f7a81eb64e9605bc73ad89164d9d
SHA256

4278d68fa6e6266797239e12bed7b937b48f1f80decc16261b84a485f4b08ea0
SHA512

dafad78a3b235612ccdf6e2bb2cdd6ca915b4b7ad7a70ea4608a75bce3bca5e31a4b4ecdbdbbcbb042acf84bff9cc1496fc7bc364680db64f97dbdd5a6082673
SSDEEP

24576:WPfqCaMh2GVnWf0UAz7yabl+XMuMberEsAxNzZhs:XGg0N35i0

Score

10^/10

agenttesla redline collection infostealer keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

IMG_6087721402pdf.exe

Resource

win7-20230220-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

IMG_6087721402pdf.exe

Resource

win10v2004-20230220-en

agenttesla redline collection infostealer keylogger persistence spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
logxtai.shop
Port:
587
Username:
[email protected]
Password:
g%=fFsvUUCI*
Email To:
[email protected]

Targets

- Target
  
  IMG_6087721402pdf.exe.bin
- Size
  
  1.4MB
- MD5
  
  3334a90396005ed7feeae9dd18f7e678
- SHA1
  
  6a6e79258939f7a81eb64e9605bc73ad89164d9d
- SHA256
  
  4278d68fa6e6266797239e12bed7b937b48f1f80decc16261b84a485f4b08ea0
- SHA512
  
  dafad78a3b235612ccdf6e2bb2cdd6ca915b4b7ad7a70ea4608a75bce3bca5e31a4b4ecdbdbbcbb042acf84bff9cc1496fc7bc364680db64f97dbdd5a6082673
- SSDEEP
  
  24576:WPfqCaMh2GVnWf0UAz7yabl+XMuMberEsAxNzZhs:XGg0N35i0
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan redline infostealer
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslaredlinecollectioninfostealerkeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy