agenttesla | ec9fe9526ec132e17c934f5b3993f164b8cb5ec15813171c04f63ff563ad4f1e | Triage

Submit
Reports

Overview

overview

Static

static

3

Bibeskftig...21.exe

windows7-x64

Bibeskftig...21.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Bibeskftigelserne221.exe
Size

1.2MB
Sample

240313-mbqd4scg29
MD5

792dec181c3f286826d04aecd6cf32f1
SHA1

d71c41fd445053571453dd43f8071e058de19ced
SHA256

ec9fe9526ec132e17c934f5b3993f164b8cb5ec15813171c04f63ff563ad4f1e
SHA512

fddd91dc77476ba57be516a4a4893beadcb84cf7d916bc80fda92640ec8a5a6b3e3a3efba72f5d56b9a0af6bf2a8092d40131825ed2c10b99a1367e47c169748
SSDEEP

24576:7BG3e6TOKsix+24/2LoxYHum/1DJQRzEWbo/bwo:dGe6TOiE202sxYOO10UDwo

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bibeskftigelserne221.exe

Resource

win7-20240221-en

guloader downloader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bibeskftigelserne221.exe

Resource

win10v2004-20240226-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
hwuo jybd dtga lmyz

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
hwuo jybd dtga lmyz
Email To:
[email protected]

Targets

- Target
  
  Bibeskftigelserne221.exe
- Size
  
  1.2MB
- MD5
  
  792dec181c3f286826d04aecd6cf32f1
- SHA1
  
  d71c41fd445053571453dd43f8071e058de19ced
- SHA256
  
  ec9fe9526ec132e17c934f5b3993f164b8cb5ec15813171c04f63ff563ad4f1e
- SHA512
  
  fddd91dc77476ba57be516a4a4893beadcb84cf7d916bc80fda92640ec8a5a6b3e3a3efba72f5d56b9a0af6bf2a8092d40131825ed2c10b99a1367e47c169748
- SSDEEP
  
  24576:7BG3e6TOKsix+24/2LoxYHum/1DJQRzEWbo/bwo:dGe6TOiE202sxYOO10UDwo
Score

10^/10

guloader downloader agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy