agenttesla | 4fe755c27dc035254521204ace429e7d2229d51a503bba1678c035d0138cd406 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

4fe755c27d...sx.xls

windows7-x64

4fe755c27d...sx.xls

windows10-2004-x64

1

Sharing

General

Target

4fe755c27dc035254521204ace429e7d2229d51a503bba1678c035d0138cd406xlsx.xls
Size

391KB
Sample

231207-x35yzsfh7y
MD5

5ea33b2a54dd29dc6d5a3b049dc8a2d1
SHA1

5bc312ad946e5fe8258d6c4669b3fad66ae4fa3b
SHA256

4fe755c27dc035254521204ace429e7d2229d51a503bba1678c035d0138cd406
SHA512

2ca5a6b3792c9a70e8fc025c10a451a2972a9edc2869145d4a0a508fb4c8251c130d2f54fef11acf5c6f94de344782989055301b3c8dcbeaa43b9cd9e24cc32e
SSDEEP

12288:+OeGxSqKjij4a3DjM/In2zyojn1v3UICbk:+OeGxBEezj8In5oD1v12

Score

10^/10

agenttesla guloader collection downloader keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4fe755c27dc035254521204ace429e7d2229d51a503bba1678c035d0138cd406xlsx.xls

Resource

win7-20231201-en

agenttesla guloader collection downloader keylogger spyware stealer trojan

windows7-x64

27 signatures

150 seconds

Behavioral task

behavioral2

Sample

4fe755c27dc035254521204ace429e7d2229d51a503bba1678c035d0138cd406xlsx.xls

Resource

win10v2004-20231130-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.elquijotebanquetes.com
Port:
21
Username:
mojovagina@elquijotebanquetes.com
Password:
q.15SE~j1@};

Targets

- Target
  
  4fe755c27dc035254521204ace429e7d2229d51a503bba1678c035d0138cd406xlsx.xls
- Size
  
  391KB
- MD5
  
  5ea33b2a54dd29dc6d5a3b049dc8a2d1
- SHA1
  
  5bc312ad946e5fe8258d6c4669b3fad66ae4fa3b
- SHA256
  
  4fe755c27dc035254521204ace429e7d2229d51a503bba1678c035d0138cd406
- SHA512
  
  2ca5a6b3792c9a70e8fc025c10a451a2972a9edc2869145d4a0a508fb4c8251c130d2f54fef11acf5c6f94de344782989055301b3c8dcbeaa43b9cd9e24cc32e
- SSDEEP
  
  12288:+OeGxSqKjij4a3DjM/In2zyojn1v3UICbk:+OeGxBEezj8In5oD1v12
Score

10^/10

agenttesla guloader collection downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaguloadercollectiondownloaderkeyloggerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.