agenttesla | 4e49022c610e7651c1694331b900dfb678ea5fb47bdaa1d7fc37f888b55a1664 | Triage

Submit
Reports

Overview

overview

Static

static

5

combrobant...90.exe

windows7-x64

combrobant...90.exe

windows10-2004-x64

Sharing

General

Target

4e49022c610e7651c1694331b900dfb678ea5fb47bdaa1d7fc37f888b55a1664
Size

544KB
Sample

250129-bdsrgawmby
MD5

3312ea24f1abe94fd28878e238233fc6
SHA1

3bde020372d824613b859d6981fc0c3d10dc3922
SHA256

4e49022c610e7651c1694331b900dfb678ea5fb47bdaa1d7fc37f888b55a1664
SHA512

a12124f6cf537bee49d2a971d76c498f356379b548f0d258714b86c375b708ae0698bcac8e6ebbf31a3029427570ed77fd8c66b52afeac5b09a0f03503edf6ca
SSDEEP

12288:uqLIi1S/2mPrB/yojovrYaQc+McddP2vokZzhTg4tagcMrW+85FNl8:FJC2arFtkEc+jZ2ByFMrWXFNl8

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

combrobante_swift_y8675645343123546576879809765434233567890.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

combrobante_swift_y8675645343123546576879809765434233567890.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  combrobante_swift_y8675645343123546576879809765434233567890.exe
- Size
  
  90.0MB
- MD5
  
  bb2896cfb5a3845f8eef6becd56a1f21
- SHA1
  
  5e4fa4f04e07cb7de806e4f4365c614268b55fc9
- SHA256
  
  47a76e7ef345942ecad534f3e30d0f5e38af8014cb8357782f9b57daa19e7812
- SHA512
  
  ae77e4960a8665d733396fce1f2b34cc6e0a3fd62daa8f1af97aa8b7c92716fd87b6b9d54245bd7224a4e630d226418ff848a08aa37b80996e7644958e0e72b7
- SSDEEP
  
  24576:mAHnh+eWsN3skA4RV1Hom2KXFmIaFHwzsc9eySqwu5:Bh+ZkldoPK1XaFQMq9
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy