agenttesla | 658104ae78109c5b1d6f1a05262c5703f8b767cc3833d6c4a7cf417582c5ed8b | Triage

Submit
Reports

Overview

overview

Static

static

5

shipping d...ts.exe

windows7-x64

shipping d...ts.exe

windows10-2004-x64

Sharing

General

Target

shipping documents.zip
Size

795KB
Sample

240927-jqzdsasdlm
MD5

05ac127c5195add3050b052b27c8d20e
SHA1

1d59a27711694d3f1e110b95bf752a01c173d2b6
SHA256

658104ae78109c5b1d6f1a05262c5703f8b767cc3833d6c4a7cf417582c5ed8b
SHA512

6b6bdf5183f132f74a642806ece228098ad2fdec89992d164cf5fe615d9bfb416634259ab484f511950b2c10995ac2f056b0919c9bc60914927b2c96247bd388
SSDEEP

24576:GEQyl8zfv2GjJmnEukJwzjLfevoDthtpKICqx2PyQ:GCfqJmEuk4Tlr8I32PD

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

shipping documents.exe

Resource

win7-20240704-en

agenttesla discovery keylogger persistence spyware stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

shipping documents.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger persistence spyware stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.naveentour.com
Port:
587
Username:
[email protected]
Password:
nav!T6u2@001
Email To:
[email protected]

Targets

- Target
  
  shipping documents.exe
- Size
  
  810KB
- MD5
  
  c5516ff1d3704bad31059e7d7ca7cfe7
- SHA1
  
  9eed578b0fc8ad2e4083b6b226cc1e3f4a04e42c
- SHA256
  
  fd67c185be66d7cbd57f97cc05892e93e9e134ff930ae479ac17c726c74cd8d6
- SHA512
  
  b5672accd8255ef79570e3db355649bd6472547353d0a89aad2dafe0bc2cc5926d272c4ae988e368cde1acc40abd9fc2f42a60363b10e1a40e29ea6648025196
- SSDEEP
  
  24576:tthEVaPqLIjmzLLzevg1tN39mWwqxWj6I:VEVUcp/n9oWdWj9
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojanupx

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojanupx

© 2018-2025

Terms | Privacy