agenttesla | f8fb6c4ac020b9b8116781833ad5f536979a2e21986601c55928a2bfcc3036ce | Triage

Submit
Reports

Overview

overview

Static

static

1

Inquiry N�...9.xlam

windows7-x64

Inquiry N�...9.xlam

windows10-2004-x64

1

Sharing

General

Target

Inquiry Nº TM24-10-09.xlam
Size

803KB
Sample

241009-scp3masame
MD5

c4d3d1b1842e510619920b9492900250
SHA1

25749eb1073ce81fd72314dda9efab61adb70b3f
SHA256

f8fb6c4ac020b9b8116781833ad5f536979a2e21986601c55928a2bfcc3036ce
SHA512

dd3c9e5590f43fa891142106169a90d2ec986f3db45a641d38c4af326ac7b600eb9442b4fca0b0fd3f096b547cce6162535bbc67d6fe534e1f7c3c44d4d72919
SSDEEP

12288:5UDmtDq7MeSQA4rwbZswK/j+c61E/y7CEBbJlFE54zuvBBhvWHK0QbJXaw71DrGb:WDf4lYrwzKrV6S/yBruv/hHxbdD1Drub

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Inquiry Nº TM24-10-09.xlam

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Inquiry Nº TM24-10-09.xlam

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
niggabgee5thfeb24@worlorderbillions.top
Password:
ORKSEMuW*kNA
Email To:
niggabgee5thfeb24@worlorderbillions.top

Targets

- Target
  
  Inquiry Nº TM24-10-09.xlam
- Size
  
  803KB
- MD5
  
  c4d3d1b1842e510619920b9492900250
- SHA1
  
  25749eb1073ce81fd72314dda9efab61adb70b3f
- SHA256
  
  f8fb6c4ac020b9b8116781833ad5f536979a2e21986601c55928a2bfcc3036ce
- SHA512
  
  dd3c9e5590f43fa891142106169a90d2ec986f3db45a641d38c4af326ac7b600eb9442b4fca0b0fd3f096b547cce6162535bbc67d6fe534e1f7c3c44d4d72919
- SSDEEP
  
  12288:5UDmtDq7MeSQA4rwbZswK/j+c61E/y7CEBbJlFE54zuvBBhvWHK0QbJXaw71DrGb:WDf4lYrwzKrV6S/yBruv/hHxbdD1Drub
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.