agenttesla | 660e918168fa3e0cc5a47bde693249d0ba164600321b015efe53351875d34f51 | Triage

Submit
Reports

Overview

overview

Static

static

3

Swift_coft.pdf.exe

windows7-x64

7

Swift_coft.pdf.exe

windows10-2004-x64

Sharing

General

Target

660e918168fa3e0cc5a47bde693249d0ba164600321b015efe53351875d34f51
Size

1.1MB
Sample

250115-bmwvgsxpgr
MD5

8db7e1ed743e90ff55febccc9a1fae39
SHA1

b9fd77363c2a03372e00b2a1393a45b910e0116a
SHA256

660e918168fa3e0cc5a47bde693249d0ba164600321b015efe53351875d34f51
SHA512

fd6cc730e8ccfbd490e8dc9383637959b687728f634f01a8baec6a919cab6a4de167191d40dfd42e0240030a5c9da15beec658dbdecd26a3a8c90fe9f7f02530
SSDEEP

24576:Xwsx4ZEbjy/7IrR8U1LEvJJsVjFjtoLdzyq15W3aHl+:NbjyUrR8UJIJKVjFjt6xy25Wq+

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Swift_coft.pdf.exe

Resource

win7-20241010-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Swift_coft.pdf.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
webmaster
Email To:
[email protected]

Targets

- Target
  
  Swift_coft.pdf.exe
- Size
  
  1.3MB
- MD5
  
  7d8bede169266674c8f978cfe0bceeb1
- SHA1
  
  b6d643679a42994315bbaafda3c4150182d47a8e
- SHA256
  
  62edacaa3a63ed12f86215d3a60c69d15f5c3bac7145a403aead8d8c5a035a2d
- SHA512
  
  0fcd7b8487dfe15f1ef9f4726c5d5313f8af318e6281aa0b6cedb20642620309966a4a99c8cf065728e10e5ec2dfa00a2acc894cc1339e4655cd19d4b52377af
- SSDEEP
  
  24576:haunU/DmqKHDSns2hZpXl1joed8P6lWf4kF:DU/yqKHcJM0RwF
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy