agenttesla | a7ddda8e43d03d462a05c4c686921217368b407fe7f2cd8cabbcdb8e49f2f6c4 | Triage

Submit
Reports

Overview

overview

Static

static

5

a7ddda8e43...c4.exe

windows7-x64

a7ddda8e43...c4.exe

windows10-2004-x64

Sharing

General

Target

a7ddda8e43d03d462a05c4c686921217368b407fe7f2cd8cabbcdb8e49f2f6c4
Size

1.3MB
Sample

241116-bjk9ksxanr
MD5

b7e0f937a3fdd954b4998c7d34c75861
SHA1

4e175642f5cae958cfc3d03bdd882aabc954f19c
SHA256

a7ddda8e43d03d462a05c4c686921217368b407fe7f2cd8cabbcdb8e49f2f6c4
SHA512

699343f44368444f2d7d7e7777ad79270c8afa4cb73390d68d3a6f395d8a235c43fedd5c775c1f241f8747e5e4cbefb3866703591625dcd7fcf58dc5e1536519
SSDEEP

24576:Jtb20pkaCqT5TBWgNjVY5ltWxmwSE1fR9DIVxa25c9vaKV6A:aVg5tjVY5lCpDIavx5

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a7ddda8e43d03d462a05c4c686921217368b407fe7f2cd8cabbcdb8e49f2f6c4.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a7ddda8e43d03d462a05c4c686921217368b407fe7f2cd8cabbcdb8e49f2f6c4.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  a7ddda8e43d03d462a05c4c686921217368b407fe7f2cd8cabbcdb8e49f2f6c4
- Size
  
  1.3MB
- MD5
  
  b7e0f937a3fdd954b4998c7d34c75861
- SHA1
  
  4e175642f5cae958cfc3d03bdd882aabc954f19c
- SHA256
  
  a7ddda8e43d03d462a05c4c686921217368b407fe7f2cd8cabbcdb8e49f2f6c4
- SHA512
  
  699343f44368444f2d7d7e7777ad79270c8afa4cb73390d68d3a6f395d8a235c43fedd5c775c1f241f8747e5e4cbefb3866703591625dcd7fcf58dc5e1536519
- SSDEEP
  
  24576:Jtb20pkaCqT5TBWgNjVY5ltWxmwSE1fR9DIVxa25c9vaKV6A:aVg5tjVY5lCpDIavx5
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy