agenttesla | 138aff0d8edfdb550fc521bd154b8475109d8867ad758ef172c8aa553a9974ee | Triage

Submit
Reports

Overview

overview

Static

static

7

9e19f6b401...00.exe

windows7-x64

9e19f6b401...00.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

138aff0d8edfdb550fc521bd154b8475109d8867ad758ef172c8aa553a9974ee
Size

556KB
Sample

240417-rtahtsdd8y
MD5

1df3bf9d9418a898fd95ccb0c37ebf91
SHA1

cbc2ce22fd22b53a6d5e0beabe5f45e5b50d5932
SHA256

138aff0d8edfdb550fc521bd154b8475109d8867ad758ef172c8aa553a9974ee
SHA512

ed9f3bed832bcf99fb87cc4c28250252f8438b40ffd5b48ffd3c32e8669b54647b4eaa7da2bd9f2f109c751b7fb9d976ba99b04b21b03dd4cb2d9c34737fc749
SSDEEP

12288:YLgRTdpz2Uz5gtINgmPX4b1xrW4OkwokcykQy+k2yii2LxzR+GCtB64u:VR3z2ygtINgmf4brWZokc9QRUi5TOt5u

Score

10^/10

agenttesla keylogger spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9e19f6b4011cfb241e826abc5e52b9e2c5b99966a661ab548b90691b06cb3900.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

9e19f6b4011cfb241e826abc5e52b9e2c5b99966a661ab548b90691b06cb3900.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.elquijotebanquetes.com
Port:
21
Username:
[email protected]
Password:
4r@d15PS!-!h

Targets

- Target
  
  9e19f6b4011cfb241e826abc5e52b9e2c5b99966a661ab548b90691b06cb3900.exe
- Size
  
  707KB
- MD5
  
  6a8021f8078119a8c7c55396b3db595b
- SHA1
  
  969ef2f9d7a2c9574506d549a52965f473ca1bb6
- SHA256
  
  9e19f6b4011cfb241e826abc5e52b9e2c5b99966a661ab548b90691b06cb3900
- SHA512
  
  cf44779730c75567453ec254dd04a35f0157e13a9d1226f6b338e512b471b5a41792f5a63071999c3c6b66a7aedd8f1ffb75d68fbde9a58d18709f5ee1565a9e
- SSDEEP
  
  12288:IOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiEgOkEQ0CIKDt3TQuQaBD0:Iq5TfcdHj4fmbadHIStDJ+
Score

10^/10

agenttesla keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojanupx

behavioral2

agentteslakeyloggerspywarestealertrojanupx

© 2018-2025

Terms | Privacy