agenttesla | 5a5525eff8cc78254107015a961a3014eaf26d592c546f2884cd328ecb756cdc | Triage

Submit
Reports

Overview

overview

Static

static

7

5a5525eff8...dc.exe

windows7-x64

5a5525eff8...dc.exe

windows10-2004-x64

Sharing

General

Target

5a5525eff8cc78254107015a961a3014eaf26d592c546f2884cd328ecb756cdc
Size

548KB
Sample

240708-bhn9vaxdqf
MD5

cc61acf84bfefceac2d75b3e1147cfc7
SHA1

51d00ffb99a7d957f4cf4ca2efa8bf791857f82f
SHA256

5a5525eff8cc78254107015a961a3014eaf26d592c546f2884cd328ecb756cdc
SHA512

f21f85e5e0adc3b7e70b7d1e48b4fc096c7d4d003beb7d7a68cc0958f732cb5618c20880ce0b533113b707ba223a100bcb04c9ab2242e70ba4260bb7786b5e35
SSDEEP

12288:gYV6MorX7qzuC3QHO9FQVHPF51jgcbkCZpC1/P3e90pK2zPYY:/BXu9HGaVHu//eOzYY

Score

10^/10

agenttesla keylogger spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

5a5525eff8cc78254107015a961a3014eaf26d592c546f2884cd328ecb756cdc.exe

Resource

win7-20240705-en

agenttesla keylogger spyware stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

5a5525eff8cc78254107015a961a3014eaf26d592c546f2884cd328ecb756cdc.exe

Resource

win10v2004-20240704-en

agenttesla keylogger spyware stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  5a5525eff8cc78254107015a961a3014eaf26d592c546f2884cd328ecb756cdc
- Size
  
  548KB
- MD5
  
  cc61acf84bfefceac2d75b3e1147cfc7
- SHA1
  
  51d00ffb99a7d957f4cf4ca2efa8bf791857f82f
- SHA256
  
  5a5525eff8cc78254107015a961a3014eaf26d592c546f2884cd328ecb756cdc
- SHA512
  
  f21f85e5e0adc3b7e70b7d1e48b4fc096c7d4d003beb7d7a68cc0958f732cb5618c20880ce0b533113b707ba223a100bcb04c9ab2242e70ba4260bb7786b5e35
- SSDEEP
  
  12288:gYV6MorX7qzuC3QHO9FQVHPF51jgcbkCZpC1/P3e90pK2zPYY:/BXu9HGaVHu//eOzYY
Score

10^/10

agenttesla keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojanupx

behavioral2

agentteslakeyloggerspywarestealertrojanupx

© 2018-2025

Terms | Privacy