agenttesla | 4732be30e035262d54cc12e25476688dd31232c38d227a29318eb225b728523a | Triage

Submit
Reports

Overview

overview

Static

static

5

Orden de c...40.exe

windows7-x64

Orden de c...40.exe

windows10-2004-x64

Sharing

General

Target

4732be30e035262d54cc12e25476688dd31232c38d227a29318eb225b728523a
Size

561KB
Sample

241212-be2qrsvmat
MD5

ef392787644b91c8c95d41ac80d85441
SHA1

80615fe4714fa91192d6128051ab0b6630d1d54b
SHA256

4732be30e035262d54cc12e25476688dd31232c38d227a29318eb225b728523a
SHA512

77e119aaac38b1925ecd36945ffe80f6c02e697965571dbe9b40ea00d4c30f23e563a020278d80b7b4e9d16f51236314447d4734bb2d1e96f48375400d27c11e
SSDEEP

12288:sMlanrkrvWhrH2mBB5rlUhzIXoEJowzO6n4RXdr:sS0IwW4oNEBzOMStr

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Orden de compra.PDF_96756457679-0977086779870680675540.exe

Resource

win7-20241023-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Orden de compra.PDF_96756457679-0977086779870680675540.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  Orden de compra.PDF_96756457679-0977086779870680675540.exe
- Size
  
  1.0MB
- MD5
  
  b5ecf3e4d18b103ac8a48f1e11eb6f2e
- SHA1
  
  8a7b26236f30b5b6d7185271931225b40aeb9b63
- SHA256
  
  59abc4a713c88e3ea82a5375c1e0afa6a652a3531bd1586201da2004b916d33b
- SHA512
  
  b03e9d97bd3f254ae877dedcf3932df8286278ec182b8555446a57021d82ba5a51123a4a1207d046a399c0d39f2459a62b9086eae58000f48ed881bf327e8117
- SSDEEP
  
  24576:Xu6J33O0c+JY5UZ+XC0kGso6Fap0nedG3Wm5sokWY:xu0c++OCvkGs9Fap0WG5WOY
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy