agenttesla | eebf4e02ac5a900a8549a8b8c230a0445706ab295e49439f670bf2e3316d39bb | Triage

Submit
Reports

Overview

overview

Static

static

5

Nueva Orde...24.exe

windows7-x64

Nueva Orde...24.exe

windows10-2004-x64

Sharing

General

Target

eebf4e02ac5a900a8549a8b8c230a0445706ab295e49439f670bf2e3316d39bb
Size

876KB
Sample

250122-bd3xfa1jdl
MD5

beb2e5db810f2a6f3f4c0954bb204c33
SHA1

7d3b4915fbb95add8080a547438e91c2ed47adda
SHA256

eebf4e02ac5a900a8549a8b8c230a0445706ab295e49439f670bf2e3316d39bb
SHA512

2eb574baec2bd03053d061af8f4df28896a419c5ed072b4227f4a234ef943d01c25fb2a63cb998d00453116362803eda030bb73a4ddea1f5accd03e7e4b0c700
SSDEEP

24576:hOdGuU+dfrVS2TgEhBfWA9vPgK9kVCEwfIOTKD1F:hOwutdwa3DBpXkVofIN1F

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Nueva Orden de Compra 5424.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Nueva Orden de Compra 5424.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  Nueva Orden de Compra 5424.exe
- Size
  
  1.3MB
- MD5
  
  70b62fe5c9f6a8bfccb0b2a4b8d45e84
- SHA1
  
  129d8ca1944bcf608fa12a032d254e7dc08c2cc7
- SHA256
  
  3c0c387ff08da55e2f2f8062bae3732ff7787a95aa8c6371482be5b9c719ef9e
- SHA512
  
  dcd7ef997cc75035340e68706094a0c118f1beccdcc5862c21a96458726b89b6fdb3f9563734630796bdd164e5f93dc0e61ccb27df27235c376c4e54ecbe6170
- SSDEEP
  
  24576:ctb20pkaCqT5TBWgNQ7aWQXC9PnTYBN9mSSsNcG6A:FVg5tQ7aWYBBBSA35
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy