agenttesla | 166b56c5680d1a1d6af658167147ca5d44d1cd2df5772cae26d3d6051f8dbca7 | Triage

Submit
Reports

Overview

overview

Static

static

1

Sy-Nel Order.xlam

windows7-x64

Sy-Nel Order.xlam

windows10-2004-x64

1

Sharing

General

Target

Sy-Nel Order.xlam
Size

700KB
Sample

240129-nj2msagfe5
MD5

19161547cb1c2d2a21f69d62892b9411
SHA1

9999dcc93dab8e3373646b68536664ae7096bd4d
SHA256

166b56c5680d1a1d6af658167147ca5d44d1cd2df5772cae26d3d6051f8dbca7
SHA512

f60b3c84c7037a52241ebf3dcb3828bd0e97b42bd6632352571a9348c50d703c12a6910837643866ef475de90e93441af69c9b47794efc421cf016646057409d
SSDEEP

12288:ExnWUjSJeLg7XmKNBXwjTfaCoH6iSoJSAXw23AQE2PxinXYZ+ZzQUu6osD0ZmQ/h:eC0OVNBuTfaC4eAXPA3nI8zFu6oxYQgW

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Sy-Nel Order.xlam

Resource

win7-20231215-en

agenttesla keylogger spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Sy-Nel Order.xlam

Resource

win10v2004-20231215-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.awelleh3.top
Port:
587
Username:
[email protected]
Password:
Abj5Da*?5iE#
Email To:
[email protected]

Targets

- Target
  
  Sy-Nel Order.xlam
- Size
  
  700KB
- MD5
  
  19161547cb1c2d2a21f69d62892b9411
- SHA1
  
  9999dcc93dab8e3373646b68536664ae7096bd4d
- SHA256
  
  166b56c5680d1a1d6af658167147ca5d44d1cd2df5772cae26d3d6051f8dbca7
- SHA512
  
  f60b3c84c7037a52241ebf3dcb3828bd0e97b42bd6632352571a9348c50d703c12a6910837643866ef475de90e93441af69c9b47794efc421cf016646057409d
- SSDEEP
  
  12288:ExnWUjSJeLg7XmKNBXwjTfaCoH6iSoJSAXw23AQE2PxinXYZ+ZzQUu6osD0ZmQ/h:eC0OVNBuTfaC4eAXPA3nI8zFu6oxYQgW
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy