agenttesla | 01d1c1090c58d5d76577a3354a1bc81732f2a58ada4c86f935c71a676584d54c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Przychodz�...df.exe

windows7-x64

3

Przychodz�...df.exe

windows10-2004-x64

Sharing

General

Target

Przychodząca wiadomość SWIFT EUR 7.592,50.pdf.exe
Size

2.4MB
Sample

241124-s224gswnes
MD5

33c42601c5cc7ff28159c7c024dc60e6
SHA1

85fae67ade783ecae31a392235599b4ec7ab5b9b
SHA256

01d1c1090c58d5d76577a3354a1bc81732f2a58ada4c86f935c71a676584d54c
SHA512

4df9c9c508f59c94ed949eed319a9d9957de3707d82da18e85a9710470be312a69eb70567f582e75a9d94b28066be1640e01bd7ac68565eda6d02e718019265c
SSDEEP

49152:jKv5tHSZPcn/XLmFCoxnximwEsLknp7YpSa8+0y:GvfSZPcnTmvNwEWsp7r80

Score

10^/10

agenttesla collection discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Przychodząca wiadomość SWIFT EUR 7.592,50.pdf.exe

Resource

win7-20240903-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Przychodząca wiadomość SWIFT EUR 7.592,50.pdf.exe

Resource

win10v2004-20241007-en

agenttesla collection discovery keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.svetigeorgije.co.rs
Port:
21
Username:
[email protected]
Password:
4c5H&b2whkD9

Targets

- Target
  
  Przychodząca wiadomość SWIFT EUR 7.592,50.pdf.exe
- Size
  
  2.4MB
- MD5
  
  33c42601c5cc7ff28159c7c024dc60e6
- SHA1
  
  85fae67ade783ecae31a392235599b4ec7ab5b9b
- SHA256
  
  01d1c1090c58d5d76577a3354a1bc81732f2a58ada4c86f935c71a676584d54c
- SHA512
  
  4df9c9c508f59c94ed949eed319a9d9957de3707d82da18e85a9710470be312a69eb70567f582e75a9d94b28066be1640e01bd7ac68565eda6d02e718019265c
- SSDEEP
  
  49152:jKv5tHSZPcn/XLmFCoxnximwEsLknp7YpSa8+0y:GvfSZPcnTmvNwEWsp7r80
Score

10^/10

discovery agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectiondiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy