agenttesla | 40424e3647e218652a1bffe16c9824616db49f285e5856d56c48abe7d7d9c618 | Triage

Submit
Reports

Overview

overview

Static

static

1

1-Ordine d...88.exe

windows7-x64

1-Ordine d...88.exe

windows10-2004-x64

8

Sharing

General

Target

1-Ordine di acquisto_0909202400172_2401488.Gz
Size

503KB
Sample

240910-hn6vea1crm
MD5

bb4da165cd2f4b05cb591b6c87687ed0
SHA1

899195664838afa85e6af1fb92d9ff2ff4e16106
SHA256

40424e3647e218652a1bffe16c9824616db49f285e5856d56c48abe7d7d9c618
SHA512

4ac501dda959b3a8e0a99ff908f0ced49d5c7864e77eb06a218347e02aa053c74d480ee4f491ea15a87b427612c724d8293aad40e3468a075fd5feae64260cd6
SSDEEP

12288:gZdkxD3beccKJnX2+oeyu99xiL/vyXvyvHDE6vV6q1pPrT4gkfI:g8F3ymnG+oeyuHq3IvMwq6wpP4gmI

Score

10^/10

agenttesla credential_access discovery execution keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1-Ordine di acquisto_0909202400172_2401488.exe

Resource

win7-20240903-en

agenttesla credential_access discovery execution keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

1-Ordine di acquisto_0909202400172_2401488.exe

Resource

win10v2004-20240802-en

discovery execution

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.andalan-pacific.com
Port:
587
Username:
[email protected]
Password:
OperationAPS2024
Email To:
[email protected]

Targets

- Target
  
  1-Ordine di acquisto_0909202400172_2401488.exe
- Size
  
  646KB
- MD5
  
  e372ae48f6c86c7491a89876df42aa4d
- SHA1
  
  04da90d9bf4af0778b27c6f5f8890096ffd7061a
- SHA256
  
  fdaaef3df184431dac7f489471ec9de34d4dff895ef7b04be85eb40117477621
- SHA512
  
  38c15bb091d79f52a5952fa757581b9a3dedcba39effaa81cc6c75739386a8bd0f8c8cb5d8c0be9d54c66dd4d48341360687c8ee0673f31a73476a089991c22d
- SSDEEP
  
  12288:YltuKOcMKJ/TI+oeGuL9JaLNvsNP6L/Dm6Vp2qBZznT4OkfG:AOo/c+oeGuROtaPyCU2yZz0OmG
Score

10^/10

agenttesla credential_access discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

discoveryexecution

© 2018-2025

Terms | Privacy