agenttesla | 8e1e969eb056350e1788f38dfa03bb55657ed9f16cf907d8bb3edcc264869510 | Triage

Submit
Reports

Overview

overview

Static

static

5

NUEVA ORDE...df.exe

windows7-x64

NUEVA ORDE...df.exe

windows10-2004-x64

Sharing

General

Target

8e1e969eb056350e1788f38dfa03bb55657ed9f16cf907d8bb3edcc264869510
Size

818KB
Sample

241016-bg7d2aygqq
MD5

3543411de27f7b0efb23c4604e256b4d
SHA1

fdc7cb0033499eaeb5c13c72c2d59c9bb7c0ea30
SHA256

8e1e969eb056350e1788f38dfa03bb55657ed9f16cf907d8bb3edcc264869510
SHA512

30b06d99bb90f61648a73ea9d7197eeba87b48b0495a2f43f156e529c0a01b0a3a6a1e9e0d1808ed50d36a7e82f83ee2e6f247134a3a43f626f9bf8a56bd0424
SSDEEP

12288:xHBRhgpCt7b0KtBC2MSOASdIXGDfTtYtCrzX8oV09kORkv5S43NuU4lZczDnYwsx:xnhgiP0KTMTAuzHrzVAt45bj4lWoNN

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NUEVA ORDEN DE COMPRA________________________________________________________________pdf.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

NUEVA ORDEN DE COMPRA________________________________________________________________pdf.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  NUEVA ORDEN DE COMPRA________________________________________________________________pdf.exe
- Size
  
  1.3MB
- MD5
  
  b67266303eb9aff008dc4cb116e67093
- SHA1
  
  cb61b07f67599aace23a31ded3ab964ab7269d35
- SHA256
  
  9284f37d401e0ca9a61b0e20f7b90bc77b1754b74c897b33251a652a74db53ad
- SHA512
  
  eb9705d989e1d14d0c1ad3518e0dcd24fb5124788fd1ad2824cbe71557250116de14bbcdab0db42db9dac477eec2f34e857bca935b55c2068769df89fc2fbda3
- SSDEEP
  
  24576:eCdxte/80jYLT3U1jfsWaQq+jtmeRbllS7v0SAF5/4Q3N59aItmOQ:3w80cTsjkWaQVA+llS7v0SAT/40598
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy