agenttesla | 913d5397ce4a8fec1f11babd3f96bb8fad63ed1b92e6e06522b0e3882933649a | Triage

Submit
Reports

Overview

overview

Static

static

1

Dhl shipme...00.exe

windows7-x64

6

Dhl shipme...00.exe

windows10-2004-x64

Sharing

General

Target

Dhl shipment documents 0002949400405000599500000.gz
Size

865KB
Sample

250123-klaejaslby
MD5

f4cbbaa69ad0ac9daa1adeda94c2271e
SHA1

2b27e9d6e6ee0738ef6b0a2b18ba5651d62a1ab7
SHA256

913d5397ce4a8fec1f11babd3f96bb8fad63ed1b92e6e06522b0e3882933649a
SHA512

4816de298a2cc84b333c31539117537c43e8626fd19b4a6d357645aa9a22d6683e8b2a1222b8d15f421e8ca2e5259146f8e58fc8107096a22159f1128142f2e4
SSDEEP

24576:NIxehn6MDH7ksloNlYexZF/q2BY+MjFNjdV:qeJxoNlYexa2BY7jFNjdV

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Dhl shipment documents 0002949400405000599500000.exe

Resource

win7-20240903-en

discovery execution

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Dhl shipment documents 0002949400405000599500000.exe

Resource

win10v2004-20241007-en

agenttesla discovery execution keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.concaribe.com
Port:
21
Username:
[email protected]
Password:
ro}UWgz#!38E

Targets

- Target
  
  Dhl shipment documents 0002949400405000599500000.exe
- Size
  
  896KB
- MD5
  
  22a542bc1325916eb1816ebca91fb95b
- SHA1
  
  88320ab57b6542208dc82b87ba7372c2b43f6aac
- SHA256
  
  36188bc6b8b6ff6066410e82279f79a7fe8ce638fa0e3b684ff008276689f867
- SHA512
  
  f7ec8166ef7202cf9f0917c2c5f7215a7ef942250ccba67a4a5ecf16ffbe5f6370ba871baabb4cfb2bcaa403bb83fe5fc41a813e1f5400c8551796068407eec3
- SSDEEP
  
  24576:cQ2HggprreJ47AsXQLY21226O31A3Rh+1d:aHgfm3XQL+I3q3Rh+1d
Score

10^/10

discovery execution agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy