agenttesla | 9a173d0d22bdb22ef1ef9b95a28558e8204c9a28e4c91074edb904a8286956c7 | Triage

Submit
Reports

Overview

overview

Static

static

5

01. VESSEL...df.exe

windows7-x64

01. VESSEL...df.exe

windows10-2004-x64

Sharing

General

Target

01.VESSELsDESCMV.DEMAM.pdf.lzh
Size

1006KB
Sample

241002-tw1h5szbmc
MD5

54ba5fb14eaca80cdb3dffbd695c8323
SHA1

b25d73a9b376ff27b47614a11a6aeda333a964c4
SHA256

9a173d0d22bdb22ef1ef9b95a28558e8204c9a28e4c91074edb904a8286956c7
SHA512

75ef17757301040c3829bc7809b9663b2a79feb2bbf1f017997e846119ba39ebf83137ddff2d70b8fa989ae3c30b47ff9271f47038e67fe23253a252f48d0b69
SSDEEP

24576:Q2GSWOY516HV5ea88PdswJmrzOAPWsXSXgpwut61:Q2mOY51sI2mrzOgWW0gLt61

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

01. VESSEL's DESC - MV. DEMA M.pdf.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

01. VESSEL's DESC - MV. DEMA M.pdf.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  01. VESSEL's DESC - MV. DEMA M.pdf.exe
- Size
  
  1.3MB
- MD5
  
  bac4a8bde93ef7323e06c9303c80b365
- SHA1
  
  2fb18b7e433f608ef2c0e3b8839159f0cda39f84
- SHA256
  
  b46023ecb26400931b352ddb0e4626d550065ce5b5380ced9f6c1619fbc96548
- SHA512
  
  2fc861df6889edab7fe25107d3bb3a30e4ecefe8c458add1de33c69af47686a7c880823307bfc1a6032469ed480f689c31e6ca4130c4744d53d10b1a211d8381
- SSDEEP
  
  24576:kfmMv6Ckr7Mny5QYeZbMSpE4S4BSm0dCwVzRO5ztD8Zlq1fJZf:k3v+7/5QYel1pLSIQCAMUZlq1fP
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy