agenttesla | cadee1de30e25218f661fe69c6fa918e34499721514722012514895bf3362b20 | Triage

Submit
Reports

Overview

overview

Static

static

5

UnitedSapp...df.exe

windows7-x64

UnitedSapp...df.exe

windows10-2004-x64

Sharing

General

Target

cadee1de30e25218f661fe69c6fa918e34499721514722012514895bf3362b20
Size

840KB
Sample

240926-kqqx3s1bqb
MD5

8fa3dc4d68feb9667f3c1fd7cc1533cc
SHA1

53542a3f96c84c55a57101fc9582ade5663f8ca1
SHA256

cadee1de30e25218f661fe69c6fa918e34499721514722012514895bf3362b20
SHA512

3ad7276348de34af0695737eb578f79a86e95826ab135473b626cf765b50cb697470e3ed9731f6266293e02e052991f50659b9b0ded0f6a00afe446167bbf8f3
SSDEEP

24576:0zaqtRE5KxftVT13BX6l1T5J+O2xF3ClItGfm:wDWKBo1t98tGO

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

UnitedSapphire 9-25-2024pdf.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

UnitedSapphire 9-25-2024pdf.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
nW5AoStmqtxtXpA

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
nW5AoStmqtxtXpA
Email To:
[email protected]

Targets

- Target
  
  UnitedSapphire 9-25-2024pdf.exe
- Size
  
  1.1MB
- MD5
  
  d3eef7722b525036e705d1eff5ee35bc
- SHA1
  
  10906aca57b39843912f326282a7808587955b13
- SHA256
  
  0487dec5ed884e775e2f5caeb9bf7e1c68498aef0fd1333ee327656415b4dba0
- SHA512
  
  31e78db6be1b7a023728550080668c45cf864c25a5c6abbffbf93c21935c52d71c56933b1572d899c6742df18ce8f437b5971944921ea117fd0cc7af1a1b161c
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCW3BXGzvT5J+Y2xj3ct01GbN:7JZoQrbTFZY1iaCU4vlzSfGB
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy