agenttesla | 13b93e8c98451404ea35623ebc7027217cfc5e6570d05a5a8b65a35283a7be9d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Statement ...__.exe

windows7-x64

3

Statement ...__.exe

windows10-2004-x64

Sharing

General

Target

Statement Of Account Due.pdf______________________________________________.rar
Size

600KB
Sample

231011-yx1bzsae4t
MD5

77cf68625154aa665882b12f39fdd1d8
SHA1

624ad85478f8350d52ebf351fcfe9d4193b5a404
SHA256

13b93e8c98451404ea35623ebc7027217cfc5e6570d05a5a8b65a35283a7be9d
SHA512

90c4e6084ba4f914d7c6cb77b5ecafb2478c4fe7a3460fff8f25ea0f2e4bdfaf75cb7a3d4b0b40f9ce2a1e5540cee6b6d4079471ac8615162dfe01e7e10ae8b4
SSDEEP

12288:q+7SM0x4kXzRG5P3ucy0xuQfNCM5QFtmTgGz13msX/gq+JkTexi9L:qsSM84kDk5Py0xuQfNCM5qtmE81msXIw

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Statement Of Account Due.pdf______________________________________________.exe

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Statement Of Account Due.pdf______________________________________________.exe

Resource

win10v2004-20230915-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.expertsconsultgh.co
Port:
587
Username:
[email protected]
Password:
Oppong.2012
Email To:
[email protected]

Targets

- Target
  
  Statement Of Account Due.pdf______________________________________________.exe
- Size
  
  754KB
- MD5
  
  390f382ef3a2d76e22e1a9481bcf1f64
- SHA1
  
  5e6f4341178f0871ed2b5520422cfb51d3eb9819
- SHA256
  
  a92454653447052d1a4d2342adeae2ae74a0499868a6fbd7834773b47b368cb7
- SHA512
  
  b9d8b2b78723d1f1ba3339ba9282b395d075ac63e48b3c3927a5ec3226eef26f617aba97597e0db4bcbcb9c9ff193255f57894b40e38e7aac606b8683ddf66c0
- SSDEEP
  
  12288:Izo+r8HbbwArD6L4qb+TfdMxHKmnPmcdtpf5HYUx2dv+HXqwHiDyody3mEq:u8HVDCDb+TfmlKcPm4HYe2dtvE0
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy