agenttesla | 3c2129e1c7b154ba70dcb01035d8538f8092d5091f38048a02254cc435701248 | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTATION_...DF.scr

windows7-x64

QUOTATION_...DF.scr

windows10-2004-x64

Sharing

General

Target

QUOTATION_JUL7FIBA00541·PDF.scr
Size

1.4MB
Sample

230710-jfddkaaa4y
MD5

9cab33d5a009f172c6da95483dcb1e39
SHA1

7ea30e4df73e190e86f0965a743271632fa2b838
SHA256

3c2129e1c7b154ba70dcb01035d8538f8092d5091f38048a02254cc435701248
SHA512

9442f55ca56c6795e41dd7dc255d83ed71cddc9512168f1479c0af02fbd029800c890f991fad6bbc3637743b17e948b9fd55edaec15c1a1dd31d3f5032e4453b
SSDEEP

24576:YijgHRq0p5Bsc/n/8yaErOzGa6DG0FhP:YiM8I1//xYGa6S0Fx

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTATION_JUL7FIBA00541·PDF.scr

Resource

win7-20230705-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATION_JUL7FIBA00541·PDF.scr

Resource

win10v2004-20230703-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
uyczbxwvtjkwuqzk
Email To:
[email protected]

Targets

- Target
  
  QUOTATION_JUL7FIBA00541·PDF.scr
- Size
  
  1.4MB
- MD5
  
  9cab33d5a009f172c6da95483dcb1e39
- SHA1
  
  7ea30e4df73e190e86f0965a743271632fa2b838
- SHA256
  
  3c2129e1c7b154ba70dcb01035d8538f8092d5091f38048a02254cc435701248
- SHA512
  
  9442f55ca56c6795e41dd7dc255d83ed71cddc9512168f1479c0af02fbd029800c890f991fad6bbc3637743b17e948b9fd55edaec15c1a1dd31d3f5032e4453b
- SSDEEP
  
  24576:YijgHRq0p5Bsc/n/8yaErOzGa6DG0FhP:YiM8I1//xYGa6S0Fx
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy