agenttesla | 86f91a154a126feb5d7b83044d69c0c9c746bb4f8c6494db4ba8bc54b60f853e | Triage

Submit
Reports

Overview

overview

Static

static

5

Recibo de ...DF.exe

windows7-x64

Recibo de ...DF.exe

windows10-2004-x64

Sharing

General

Target

86f91a154a126feb5d7b83044d69c0c9c746bb4f8c6494db4ba8bc54b60f853e
Size

848KB
Sample

241017-bpghksthma
MD5

3bc327477e7c45bbf10beccc0b17d703
SHA1

c4a5b05d31f4946d1683a7f00020df45f48e3e6f
SHA256

86f91a154a126feb5d7b83044d69c0c9c746bb4f8c6494db4ba8bc54b60f853e
SHA512

370a6b8e15dd369203b64d2cf59fb82375cc36a18b1c69d6639532ae4188b063617144fa3d09915c1489802d5a0ab17e9597032fc54621f59728e098bd91af86
SSDEEP

12288:RoP1Kf9fdyLcQeHDBES+8GNVmpKirUqmR9nJlOKtQZSiPJdjVJnICQoZQZLfQxb8:uPofTygHtg5u29nojRZB+aENp7h

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Recibo de envío de DHL_Guía de embarque Doc_PRG21100367363144356060.PDF.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Recibo de envío de DHL_Guía de embarque Doc_PRG21100367363144356060.PDF.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  Recibo de envío de DHL_Guía de embarque Doc_PRG21100367363144356060.PDF.exe
- Size
  
  110.0MB
- MD5
  
  38fca0fbbcbe19f043c9ef0ac1a784b9
- SHA1
  
  5451bbaba3fcd09c6beb05a92b1b332763355026
- SHA256
  
  e3ea3bcff49ffb3057924b97db96e98611fe5c2e23c4fc259a2739f5cbb9c200
- SHA512
  
  24030ebfee58c9b1dc1fe60c299975151f3cbd69321ed21ab436fb6e17e335863c9ecdefdbbb5b83eecef8d574b81c8d329c63fe7d75979bf2a32b54ffe375f9
- SSDEEP
  
  24576:tCdxte/80jYLT3U1jfsWa9tdlvGlG/NHV7t3iJ60H6AJL0uz/Q:kw80cTsjkWa9tdlvGl2lus0H6aL0us
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy