agenttesla | 95cc26903867ce68cb392ca3fe5ad21e371b8b6b2f1540137d0c6d26e9ca69c7 | Triage

Submit
Reports

Overview

overview

Static

static

5

Shipping D...df.exe

windows7-x64

Shipping D...df.exe

windows10-2004-x64

Sharing

General

Target

Shipping Documents_pdf.exe
Size

1.1MB
Sample

240724-hmhfestapl
MD5

50e6e94907fc16f102299c659ba822d3
SHA1

b96807ab5a591c38f0d1405f553a4da030b8643e
SHA256

95cc26903867ce68cb392ca3fe5ad21e371b8b6b2f1540137d0c6d26e9ca69c7
SHA512

c102b607778140baa6252f883183bf6572f76ba7b0b9b5a07c6549a86fe951be229520a59c8a1b4f2686b98c1dbd03815affa6a1f9166e650c30acbf7b3a3c4e
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aS7JtgbvXVGwaD0YcD:4TvC/MTQYxsWR7aS7Jtg7dTN

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Shipping Documents_pdf.exe

Resource

win7-20240708-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Shipping Documents_pdf.exe

Resource

win10v2004-20240709-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Shipping Documents_pdf.exe
- Size
  
  1.1MB
- MD5
  
  50e6e94907fc16f102299c659ba822d3
- SHA1
  
  b96807ab5a591c38f0d1405f553a4da030b8643e
- SHA256
  
  95cc26903867ce68cb392ca3fe5ad21e371b8b6b2f1540137d0c6d26e9ca69c7
- SHA512
  
  c102b607778140baa6252f883183bf6572f76ba7b0b9b5a07c6549a86fe951be229520a59c8a1b4f2686b98c1dbd03815affa6a1f9166e650c30acbf7b3a3c4e
- SSDEEP
  
  24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aS7JtgbvXVGwaD0YcD:4TvC/MTQYxsWR7aS7Jtg7dTN
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy