agenttesla | 5be83ffe52e6517112f47fbda458f69711f7817f64520810b4254f467b0b6fcd | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

PURCHASE O...df.exe

windows7-x64

PURCHASE O...df.exe

windows10-2004-x64

Sharing

General

Target

PURCHASE ORDER.pdf.rar
Size

567KB
Sample

230717-h1cgbsaf39
MD5

03b52383fdbc16cce0d0321df47f8cb8
SHA1

5fa1735dcdb616d3f0c7adec5c6d69e12e300492
SHA256

5be83ffe52e6517112f47fbda458f69711f7817f64520810b4254f467b0b6fcd
SHA512

bd24634470f6e1c03a98bea2cfe5d319ae7d2700a3396ad4f7da3646852d430a7490a6f6fffff9c75603c997ce0aa667dd0c0833b803c6fbc8ea47b3af757747
SSDEEP

12288:syLztH25YdfxOcWGjUk0ZvGwU4M6iSgfEhUmmVdwtDwJam9h:syLRW5Yt4cWMwli3fSUmxtD8f

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PURCHASE ORDER.pdf.exe

Resource

win7-20230712-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

PURCHASE ORDER.pdf.exe

Resource

win10v2004-20230703-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.expertsconsultgh.co
Port:
587
Username:
[email protected]
Password:
Oppong.2012
Email To:
[email protected]

Targets

- Target
  
  PURCHASE ORDER.pdf.exe
- Size
  
  609KB
- MD5
  
  cc1654f37d3a19d363abae9afd112788
- SHA1
  
  1906b798cb71daffe4aa209383467b5dd6f19678
- SHA256
  
  ec57c2de3349840ec8ac00000c964ba5c68cda5b954f6ea4ca3ced7098257286
- SHA512
  
  5d0a27f73ebd2e3ec0fe120ee2a5e842fa9d73e3a64f003bfb670262e24f46386fd571576da1e0e5aaeca2d1d6bafd7104ea0d3ba6e4c1eab3cf806847689b3a
- SSDEEP
  
  12288:czP5fztK7xB73farrIiPBMFCQ4INiqI/V:e5fRKdBbCr0iAJNDa
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy