agenttesla | bfc02cc838f9c37b322bc2a390f7cc864c8ba3f817b66c2f0ebdd19d17622011 | Triage

Submit
Reports

Overview

overview

Static

static

1

Quotation ...df.exe

windows7-x64

Quotation ...df.exe

windows10-2004-x64

Sharing

General

Target

Quotation From Al Ghanim Fencing Industries Co. Ltd.pdf.exe
Size

631KB
Sample

240319-md19dshe25
MD5

91ed698911c07815e6fd3b5c9e6d839c
SHA1

61fc14ca808c0d215065fe13e6be4906f98b8abd
SHA256

bfc02cc838f9c37b322bc2a390f7cc864c8ba3f817b66c2f0ebdd19d17622011
SHA512

78d521d3335da13979089a19b4c13ba3ede51d3abdba65d51dadb7e54128e415d63b862d6b5c150d289835a87c688c95e9f836f2d3fd1728ecdbd88e84fe266d
SSDEEP

12288:9NfDSmf2yv92LY9rxL6KX4d8mzD0pdZYYTaCtW7QmTZCAPL2KGOJRYWq4kR:9NfDz202M9rZ678mz4PJTaCZmTAAKOJM

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quotation From Al Ghanim Fencing Industries Co. Ltd.pdf.exe

Resource

win7-20231129-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quotation From Al Ghanim Fencing Industries Co. Ltd.pdf.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.animetals.com.my
Port:
587
Username:
[email protected]
Password:
8VHMY#KF%kpF
Email To:
[email protected]

Targets

- Target
  
  Quotation From Al Ghanim Fencing Industries Co. Ltd.pdf.exe
- Size
  
  631KB
- MD5
  
  91ed698911c07815e6fd3b5c9e6d839c
- SHA1
  
  61fc14ca808c0d215065fe13e6be4906f98b8abd
- SHA256
  
  bfc02cc838f9c37b322bc2a390f7cc864c8ba3f817b66c2f0ebdd19d17622011
- SHA512
  
  78d521d3335da13979089a19b4c13ba3ede51d3abdba65d51dadb7e54128e415d63b862d6b5c150d289835a87c688c95e9f836f2d3fd1728ecdbd88e84fe266d
- SSDEEP
  
  12288:9NfDSmf2yv92LY9rxL6KX4d8mzD0pdZYYTaCtW7QmTZCAPL2KGOJRYWq4kR:9NfDz202M9rZ678mz4PJTaCZmTAAKOJM
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy