agenttesla | 3165714f5f16835662fb323d43b1494a2f5744b68b880f3fb277167a26d6d3f5 | Triage

Submit
Reports

Overview

overview

Static

static

5

PO - WWS I...df.exe

windows7-x64

PO - WWS I...df.exe

windows10-2004-x64

Sharing

General

Target

3165714f5f16835662fb323d43b1494a2f5744b68b880f3fb277167a26d6d3f5.uue
Size

489KB
Sample

241002-j86ktawdrl
MD5

38945329db52339f3e89a19d2a235781
SHA1

a8d38c2df912161a1a2c3332b49d0c723d4ecbe8
SHA256

3165714f5f16835662fb323d43b1494a2f5744b68b880f3fb277167a26d6d3f5
SHA512

d7c8e8a95ddc133a26e701fad5b1f887a6f6b5110ce96642a1bf5082eeda488c27dbe629624815bb1ce7a3a0e27b4c67fedfe169305295663dbe0128b6dd9608
SSDEEP

12288:4pQumzeyc1584qalAMXcnSt4ZkSHepQNgt1rKbGW:KQEv584qaF0S+ZkSMthOGW

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PO - WWS I - CALPX24090048.pdf.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO - WWS I - CALPX24090048.pdf.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.gizemetiket.com.tr
Port:
21
Username:
pgizemM6
Password:
giz95Ffg

Targets

- Target
  
  PO - WWS I - CALPX24090048.pdf.exe
- Size
  
  100.0MB
- MD5
  
  1c7e0fd7bfb418cb0f4e48133da91a6c
- SHA1
  
  9abc0288a1035d9afd80c5bc75c5ef5efa7c082b
- SHA256
  
  59c9af03107ab7b7a6fc0e4a8ba8402bb6d5ca8c5b8f2dea12c252600c70c381
- SHA512
  
  2cb4d7a3deb89349280d3fb857c6dcb2f1a1ce6076d6f4b25db7d90aa44cf34dd24bfade1dc1b85d5f9ec95436f78b9d3f83aed9761c72469af16080afdf097f
- SSDEEP
  
  12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLTORumP6q9VhYSGbdzuK/VLFE:ffmMv6Ckr7Mny5QLfmP6q9VhYSGbh5F
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy