agenttesla | 8673877cbf80e52064e18bc6581636fb57541db45bcc84273a991b368dac8913 | Triage

Submit
Reports

Overview

overview

Static

static

5

INSTRUCTIO...oc.exe

windows7-x64

INSTRUCTIO...oc.exe

windows10-2004-x64

Sharing

General

Target

INSTRUCTIONS ON THE PROFORMA AND FINAL DISBURSEMENTS ACCOUNTS.pdf, EUROSKY.doc.z
Size

871KB
Sample

241011-rf4jrawejd
MD5

215a6431aecf3cc22a038f401f55abfa
SHA1

f047b28c02b300397e0a2b06eb8756318c8c3a73
SHA256

8673877cbf80e52064e18bc6581636fb57541db45bcc84273a991b368dac8913
SHA512

c38ea87ef1a5e5d77406d214b413f90e3280e46229d1b0257907721ddf0bea9a9585caccd705fb842dab802353e4c476005770d65afb227e2fcb91a46a1794f8
SSDEEP

24576:wT38ilcb8fDo54iGZV1gzbj6TgT6gGB7vGCW/v:wrfcbYaOZQzb4lgGBCCW/v

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

INSTRUCTIONS ON THE PROFORMA AND FINAL DISBURSEMENTS ACCOUNTS.pdf, EUROSKY.doc.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

INSTRUCTIONS ON THE PROFORMA AND FINAL DISBURSEMENTS ACCOUNTS.pdf, EUROSKY.doc.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  INSTRUCTIONS ON THE PROFORMA AND FINAL DISBURSEMENTS ACCOUNTS.pdf, EUROSKY.doc.exe
- Size
  
  1.2MB
- MD5
  
  515fd5f36230667c7060e83a5dd79abe
- SHA1
  
  35be32bbfbead2f6bbc48f9dcc7f675fba407676
- SHA256
  
  7c8209053ff4705b39dcd23318174fc4407eabc5bdc40f4babfd876f8d049bc5
- SHA512
  
  b92d710020eaf708d32f6576bb81e64bf9c69776eef6279963dd933bde47d6f014930f5d5f52437e9b7c7aed1fedfce7be433e454df6e1487fb7a50a20adab84
- SSDEEP
  
  24576:FfmMv6Ckr7Mny5QiXx5j0HjXqiYCOvjF6PPt:F3v+7/5QiXx5j0Hj6iYCOLSt
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy