agenttesla | eb627ffd28f1a417dbfa9cd4ae1b45291e022e8029f2aa7a2f8a984ea4e43206 | Triage

Submit
Reports

Overview

overview

Static

static

5

combrobant...at.exe

windows7-x64

combrobant...at.exe

windows10-2004-x64

Sharing

General

Target

eb627ffd28f1a417dbfa9cd4ae1b45291e022e8029f2aa7a2f8a984ea4e43206
Size

754KB
Sample

250125-bj8d4syrhl
MD5

51c935e77a3d5ea33ae337298de3615f
SHA1

f30c21abcd5ab7138a07a766573dc680b82bdc04
SHA256

eb627ffd28f1a417dbfa9cd4ae1b45291e022e8029f2aa7a2f8a984ea4e43206
SHA512

7864998bd32f45cef78c115576fde453b5fd28d9e0e4b80b105a7f026c54ee27d52887cf7362945cfb2cdcc003d1c957d2f3e1d408a1feab03afe2a47ad5a623
SSDEEP

12288:fsNx+QKbK8kIyYCedTnjjkDyOhIJO+fZJ2oSLomsYjFD3Pa+AoZ06wQiLJkW4:fU+Q7KyXetUmEIQGDDUsCB0dQiLWn

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

combrobante_swift_y8675645343123546576879809765434233567890.bat.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

combrobante_swift_y8675645343123546576879809765434233567890.bat.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  combrobante_swift_y8675645343123546576879809765434233567890.bat.exe
- Size
  
  30.0MB
- MD5
  
  8c737e5f3bd149ec9918a2afdb0a465e
- SHA1
  
  78ab6987108fdf2eeda4f7e7772d896892b8db94
- SHA256
  
  39dcde536f668f5bcf6fd349426fa8297acd67e66217c1ed9faf3cdeec69173a
- SHA512
  
  f5b0abdd89b551e6e4f13eb2393a8b7c8370dddcded2e869d52e4aef7e8b43eb4761478ab503eeb277d908a71d451422eae9d3d7ab3ed4b5510e8e05733e6f85
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCXSiBPiVsOE4HnrKuKd:7JZoQrbTFZY1iaCHaBE4Huuw
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy