agenttesla | a7abde9ed7e26054a6cb08b40569b0c59aca7e185d129fd5fa147c6ddc304e61 | Triage

Submit
Reports

Overview

overview

Static

static

5

AVISO DE C...DF.exe

windows7-x64

AVISO DE C...DF.exe

windows10-2004-x64

Sharing

General

Target

AVISO DE COBRO DHL-160663957.PDF.gz
Size

658KB
Sample

241010-t7syfawajg
MD5

799c57b6366ff9c73ba8ebc41d1c9779
SHA1

49ad1b417115ceb1d8199fda38a47baa4bbece13
SHA256

a7abde9ed7e26054a6cb08b40569b0c59aca7e185d129fd5fa147c6ddc304e61
SHA512

4a9ddf2c0bc6778a4c84781b4d105373e65e62c696ff9952b78bb3ab14f419cf3a62056d482cb67a593c250863353688b469b74caebbfc9138be329772beb0ff
SSDEEP

12288:s0zgoXsrs+YG9aaGq2YA2uWjUxft+9JxaBeFQdvvWQAtWLJIGBbSmPEMfuUQuyM5:T9X4s+YAHN/A2uOsCHaQQ4WLJtBSmcG9

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

AVISO DE COBRO DHL-160663957.PDF.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

AVISO DE COBRO DHL-160663957.PDF.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.anetospiti.gr
Port:
587
Username:
[email protected]
Password:
akS3cdj{_L7m
Email To:
[email protected]

Targets

- Target
  
  AVISO DE COBRO DHL-160663957.PDF.exe
- Size
  
  1.1MB
- MD5
  
  a6a745c9e98b0f016840cce6ed707483
- SHA1
  
  68fe18754e74c49b7f976bdfe276853976de0b42
- SHA256
  
  ef7a804eda595798e13de0e6a0a464346f2f52840526923a4e6e58c5056c2e9e
- SHA512
  
  67bbd368004d06052972798299c3d569289d48f3a772d25a551bf125ca55b4d76d827ee56501aa92277d362a2d51356d65670120d590b0582b214483637cf464
- SSDEEP
  
  24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8a1VujrEJlnPUiIs:lTvC/MTQYxsWR7a1VZHP
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy