agenttesla | 0a118a465e67827300eb108aba333ffcb38bb66ee4ae821f521b7a6dd5b80279 | Triage

Submit
Reports

Overview

overview

Static

static

3

Outstandin...DF.exe

windows7-x64

Outstandin...DF.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0a118a465e67827300eb108aba333ffcb38bb66ee4ae821f521b7a6dd5b80279
Size

713KB
Sample

231226-lvgqmsbge4
MD5

60f3bd4f4ac39924f03f74c218c10463
SHA1

2a0946ec4dcc027772664e451761cec63dddae14
SHA256

0a118a465e67827300eb108aba333ffcb38bb66ee4ae821f521b7a6dd5b80279
SHA512

215524b768fe54026f5c8ef82173afc224d49aae3ebf94d2a6cd126b26e5f2d447969eb2a92812b18536e880e51a8cfa14ca78f25acd93a8db6f3e7d0bea12db
SSDEEP

12288:upIzrZ7CoM8M5vGCWxEHx6FVPZh5yOsdPaToQcN2ZtAx1Qv6UEZ+huva5VZ:usrdCn8M5u4x61h8OsdPaTohNsAUv67y

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Outstanding Payments 2023 #00432.PDF.exe

Resource

win7-20231215-en

agenttesla keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Outstanding Payments 2023 #00432.PDF.exe

Resource

win10v2004-20231215-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6326530812:AAEaPeWO8gwuSDDOiARcprRJbds4ct-T6dQ/

Targets

- Target
  
  Outstanding Payments 2023 #00432.PDF.exe
- Size
  
  945KB
- MD5
  
  d5b180d22bd1d7e49f616e5b8cfdd0b3
- SHA1
  
  402be951165501853fb889cf34767a3b9abfcd69
- SHA256
  
  8f097644a59a8d6e788d527323bc56ab9b3cc13fdc8e3173bd9ceccb8bad031d
- SHA512
  
  d44a2885f17c11b121245bb9428c2988143cabe0e265695a19a49425a141ffaee3af0dcbdae813b41a54be12b6e926cfaba6b3199df5bcee2a8f13189f27f67a
- SSDEEP
  
  12288:KU6wmXUVUwg1dAGYWnE7qQIFZhlcOOdPqDQQgT2xtwN3UHAXRHz:J21dJJQIjh2OOdPqDQbT0wuaF
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy