agenttesla | 2ddfef3d7e1d729026bbdde6be37173bf056f62d9528f9409d7667a91987e923 | Triage

Submit
Reports

Overview

overview

Static

static

3

DOC8558388...21.exe

windows7-x64

DOC8558388...21.exe

windows10-2004-x64

Sharing

General

Target

09b942e7fd11d48c54aba5c4a4c83ebd_JaffaCakes118
Size

1.8MB
Sample

241002-j59s3azdjf
MD5

09b942e7fd11d48c54aba5c4a4c83ebd
SHA1

010076f4b98fd00c8748a0bd3c4313d55e1ac61d
SHA256

2ddfef3d7e1d729026bbdde6be37173bf056f62d9528f9409d7667a91987e923
SHA512

2a56ba57a677afb11ae5f674149518972cd71f9797bdb3a8026b414457d5f3ae8e1503bb44133ac43a78478313b18c990561183314e9172cb7fade01f0fff78b
SSDEEP

24576:xGEF798nDNkpLeCoeNbk+0ioO4A8XHiuvT1U9m1hlSmvpduchqbmkDSA5:vAxIZNbt8bMehDTXvVM

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DOC8558388_AUGUST2021.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

DOC8558388_AUGUST2021.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.rdnsanom.xyz
Port:
587
Username:
[email protected]
Password:
j!P2f~oad_G7
Email To:
[email protected]

Targets

- Target
  
  DOC8558388_AUGUST2021.exe
- Size
  
  1.3MB
- MD5
  
  fe1e7c4a720c5aabdff8b5134ff25292
- SHA1
  
  3b512edaf968cfc824a73eee98a841bf893cbe99
- SHA256
  
  64186ecb7905dcf865a55113e959199d17479cbe9a538669b4f4d356b194dbfc
- SHA512
  
  8fdfc7bf5f8958a65b6485583d0a05fed35c9c791522d100f870a35eeefe3fea65649293d3d60a36037311004b294ca7dba182eac6331981aa60bfd31d2de04b
- SSDEEP
  
  24576:vQRK0rxB/HOIThNN7Mtqk8RbZZS5R0DlhuCO:v2BtThXEc3Bb0
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy