agenttesla | 13475ea07d57b0a0cb36f9af176bbdaa132317990eb4f1603ae2b4b267ecc11e | Triage

Submit
Reports

Overview

overview

Static

static

5

13475ea07d...1e.exe

windows7-x64

13475ea07d...1e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

13475ea07d57b0a0cb36f9af176bbdaa132317990eb4f1603ae2b4b267ecc11e
Size

1.0MB
Sample

240723-btlm4azflr
MD5

53d2274213a28096ccbdc179859369d1
SHA1

6a01d4830b6dd2b2fd44a102a0c0633675475681
SHA256

13475ea07d57b0a0cb36f9af176bbdaa132317990eb4f1603ae2b4b267ecc11e
SHA512

2dd6260a7932fc88bd86df64ef653e7c016740b344bdc0ee7773a29646a5973e6a630b38249726aeb10d5e1b11cf26fa6237b434dd3f7f407c01ecc61040ea52
SSDEEP

24576:QAHnh+eWsN3skA4RV1Hom2KXMmHadVf76BoEQs75:Hh+ZkldoPK8YadVTXE

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

13475ea07d57b0a0cb36f9af176bbdaa132317990eb4f1603ae2b4b267ecc11e.exe

Resource

win7-20240708-en

agenttesla keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

13475ea07d57b0a0cb36f9af176bbdaa132317990eb4f1603ae2b4b267ecc11e.exe

Resource

win10v2004-20240709-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.fosna.net
Port:
21
Username:
[email protected]
Password:
u;4z3V.Iir1l

Targets

- Target
  
  13475ea07d57b0a0cb36f9af176bbdaa132317990eb4f1603ae2b4b267ecc11e
- Size
  
  1.0MB
- MD5
  
  53d2274213a28096ccbdc179859369d1
- SHA1
  
  6a01d4830b6dd2b2fd44a102a0c0633675475681
- SHA256
  
  13475ea07d57b0a0cb36f9af176bbdaa132317990eb4f1603ae2b4b267ecc11e
- SHA512
  
  2dd6260a7932fc88bd86df64ef653e7c016740b344bdc0ee7773a29646a5973e6a630b38249726aeb10d5e1b11cf26fa6237b434dd3f7f407c01ecc61040ea52
- SSDEEP
  
  24576:QAHnh+eWsN3skA4RV1Hom2KXMmHadVf76BoEQs75:Hh+ZkldoPK8YadVTXE
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy