agenttesla | b3a54a632c7f6c4d1f87c78bc772e6476cbb2e4ce2de061271e7f6ba2313263d | Triage

Submit
Reports

Overview

overview

Static

static

1

LISTA COME...E.xlam

windows7-x64

LISTA COME...E.xlam

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

LISTA COMENZILOR DE ACHIZIȚIE.xlam.xlsx
Size

599KB
Sample

240220-s1w6vabd24
MD5

7f7b077fcb4392f8dad7da2c75039119
SHA1

b4c8dc00f6468022a2528361dbf598033fdb1752
SHA256

b3a54a632c7f6c4d1f87c78bc772e6476cbb2e4ce2de061271e7f6ba2313263d
SHA512

e9c88cac0eecf44a899bbf4f9d52d72b89a80c72c26988e9faf3a184603ba8a992d304d83a37805d01dab77613ef9d9a49c1340b3868f4a77265febc31455c3b
SSDEEP

12288:UTu/+Fx6EIM660RjZwbY/dkTDjlQYXJwkTx+na9:+x6EIBAY/MDwox

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

LISTA COMENZILOR DE ACHIZIȚIE.xlam

Resource

win7-20231215-en

agenttesla keylogger spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

LISTA COMENZILOR DE ACHIZIȚIE.xlam

Resource

win10v2004-20240220-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.elquijotebanquetes.com
Port:
21
Username:
[email protected]
Password:
q.15SE~j1@};

Targets

- Target
  
  LISTA COMENZILOR DE ACHIZIȚIE.xlam.xlsx
- Size
  
  599KB
- MD5
  
  7f7b077fcb4392f8dad7da2c75039119
- SHA1
  
  b4c8dc00f6468022a2528361dbf598033fdb1752
- SHA256
  
  b3a54a632c7f6c4d1f87c78bc772e6476cbb2e4ce2de061271e7f6ba2313263d
- SHA512
  
  e9c88cac0eecf44a899bbf4f9d52d72b89a80c72c26988e9faf3a184603ba8a992d304d83a37805d01dab77613ef9d9a49c1340b3868f4a77265febc31455c3b
- SSDEEP
  
  12288:UTu/+Fx6EIM660RjZwbY/dkTDjlQYXJwkTx+na9:+x6EIBAY/MDwox
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy