agenttesla | c6484705f1412b43be76238227e87c18d1bd9700e04e6dbc265242182160e716 | Triage

Submit
Reports

Overview

overview

Static

static

5

OC 44076345.exe

windows7-x64

OC 44076345.exe

windows10-2004-x64

Sharing

General

Target

c6484705f1412b43be76238227e87c18d1bd9700e04e6dbc265242182160e716
Size

771KB
Sample

250117-bddybaxpdm
MD5

aadc8d47268a0e8866f1499f412ae055
SHA1

564a1e0b32291f2afdd985508f42081a0cc74405
SHA256

c6484705f1412b43be76238227e87c18d1bd9700e04e6dbc265242182160e716
SHA512

80b8f8aedcba38b2227911dcc4b423c8bff4d5fd05f4df3fcda7111791746ceddf1b1b4de7a8e2c4d142ed7955dcf90179347e94f5d3164ac56f7a2069cde7e9
SSDEEP

24576:gu+5C1tYwvY2l20URU/qgK3K8MRg7lidlEzCteSl:tNur2l20URU/8MYliHEz6B

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

OC 44076345.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

OC 44076345.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  OC 44076345.exe
- Size
  
  1.2MB
- MD5
  
  54bba910633199decc5ac44b5cce5b8c
- SHA1
  
  f3a7ca7176f8d0992a5399f09c3325c53889b1ed
- SHA256
  
  c204b8cdd36fb7e67e59633ff278510106db650f9a408c6296ddb25d8f269673
- SHA512
  
  0d24281e0d5c2b9295192688c4de58809ff2cde6d67eac768e341bff7ccf2d4ae73b542a6462dc1aafd2dfe56b838b65eaf8f8fb3231d67fc95f255172e22830
- SSDEEP
  
  24576:IRmJkcoQricOIQxiZY1iazxr9QXD9ydPmJF7bD/Bgy:tJZoQrbTFZY1iatpqD9amJVHt
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy