agenttesla | 637414a62cd73dd2f7abd3c0de5232cd9f3a94d5661986abd24a78aaa69327ea | Triage

Submit
Reports

Overview

overview

Static

static

5

Order enqu...25.exe

windows7-x64

Order enqu...25.exe

windows10-2004-x64

Sharing

General

Target

637414a62cd73dd2f7abd3c0de5232cd9f3a94d5661986abd24a78aaa69327ea
Size

811KB
Sample

240923-sqwsbszdnj
MD5

8635ed28863d14659a15e019aaec6178
SHA1

4716010f8239e11050bd228043f3d2b8f03aaebe
SHA256

637414a62cd73dd2f7abd3c0de5232cd9f3a94d5661986abd24a78aaa69327ea
SHA512

fd14d6ed7d5ca574eda95aeab306dd3f8b02730d2fa252988a7e5d57eb4fb8b580bf9479266ea94d141203bf6a91b89020ffc4b0f92c7b6ec19b5c5534aa0b4f
SSDEEP

24576:XY7tC/D80olUcTiRtS5OHbmWqre/obnFr5CHm:XYpi80olUcTiRtS5+mFieNCG

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Order enquiry 2025.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Order enquiry 2025.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
phoenixblowers.com
Port:
587
Username:
[email protected]
Password:
Officeback@2022#
Email To:
[email protected]

Targets

- Target
  
  Order enquiry 2025.exe
- Size
  
  1.1MB
- MD5
  
  10b87f0207d77ab042cbae6f9fe7f4fd
- SHA1
  
  d3d16ac8ad828685aa4caf7369590206338748a5
- SHA256
  
  4997746df04ba00d80f001da1d5f984b773b82f3643ca0eee98d3ef1570f403c
- SHA512
  
  a460ba25b69e0675acf91908490382f69c948f3f4e5612f90f0433864c948a555d4b263b87f9f47e0cd6c2714f2ee0f5c7ba35e73979daab97c68e94be70462e
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCKy1OTbYW8r8Tajn9rZI4S:7JZoQrbTFZY1iaCKy1WYTooVIp
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy