agenttesla | 24d0058069dc570d1b9600034802fe93e90c7e1367e9001f7444f0dc9213ec11 | Triage

Submit
Reports

Overview

overview

Static

static

5

PAYMENT CO...XE.exe

windows7-x64

PAYMENT CO...XE.exe

windows10-2004-x64

Sharing

General

Target

PAYMENT CONFIRMATION PRINT OUT COPY MT103.EXE.exe
Size

1.1MB
Sample

250328-ncqxpsvwfw
MD5

5c40710df63be4d2df4acea915477002
SHA1

e70bdd344eb35cdb3be895b0f5d0649f266c1537
SHA256

24d0058069dc570d1b9600034802fe93e90c7e1367e9001f7444f0dc9213ec11
SHA512

8feb8adb9b047dc4b37f5fb94e2539c57a7cd0a6025312fdd12abcf2f6f008523f5166d70414fbf3fdaec6b8647ff68d9192c9e4fb66a1ad1012ca4a8b7e8f50
SSDEEP

24576:5u6J33O0c+JY5UZ+XC0kGso6FaN5gf/dzVCK+aKi1ZWY:7u0c++OCvkGs9FaN5KxsKsY

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PAYMENT CONFIRMATION PRINT OUT COPY MT103.EXE.exe

Resource

win7-20240903-en

agenttesla discovery keylogger persistence spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

PAYMENT CONFIRMATION PRINT OUT COPY MT103.EXE.exe

Resource

win10v2004-20250314-en

agenttesla discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.haliza.com.my
Port:
21
Username:
[email protected]
Password:
JesusChrist007$

Targets

- Target
  
  PAYMENT CONFIRMATION PRINT OUT COPY MT103.EXE.exe
- Size
  
  1.1MB
- MD5
  
  5c40710df63be4d2df4acea915477002
- SHA1
  
  e70bdd344eb35cdb3be895b0f5d0649f266c1537
- SHA256
  
  24d0058069dc570d1b9600034802fe93e90c7e1367e9001f7444f0dc9213ec11
- SHA512
  
  8feb8adb9b047dc4b37f5fb94e2539c57a7cd0a6025312fdd12abcf2f6f008523f5166d70414fbf3fdaec6b8647ff68d9192c9e4fb66a1ad1012ca4a8b7e8f50
- SSDEEP
  
  24576:5u6J33O0c+JY5UZ+XC0kGso6FaN5gf/dzVCK+aKi1ZWY:7u0c++OCvkGs9FaN5KxsKsY
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy