agenttesla | 24d0058069dc570d1b9600034802fe93e90c7e1367e9001f7444f0dc9213ec11 | Triage

Submit
Reports

Overview

overview

Static

static

5

PAYMENTCON...XE.exe

windows7-x64

PAYMENTCON...XE.exe

windows10-2004-x64

Sharing

General

Target

PAYMENTCONFIRMATIONPRINTOUTCOPYMT103.EXE.exe
Size

1.1MB
Sample

250328-nlmawaxky5
MD5

5c40710df63be4d2df4acea915477002
SHA1

e70bdd344eb35cdb3be895b0f5d0649f266c1537
SHA256

24d0058069dc570d1b9600034802fe93e90c7e1367e9001f7444f0dc9213ec11
SHA512

8feb8adb9b047dc4b37f5fb94e2539c57a7cd0a6025312fdd12abcf2f6f008523f5166d70414fbf3fdaec6b8647ff68d9192c9e4fb66a1ad1012ca4a8b7e8f50
SSDEEP

24576:5u6J33O0c+JY5UZ+XC0kGso6FaN5gf/dzVCK+aKi1ZWY:7u0c++OCvkGs9FaN5KxsKsY

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PAYMENTCONFIRMATIONPRINTOUTCOPYMT103.EXE.exe

Resource

win7-20240903-en

agenttesla discovery keylogger persistence spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

PAYMENTCONFIRMATIONPRINTOUTCOPYMT103.EXE.exe

Resource

win10v2004-20250313-en

agenttesla discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.haliza.com.my
Port:
21
Username:
origin@haliza.com.my
Password:
JesusChrist007$

Targets

- Target
  
  PAYMENTCONFIRMATIONPRINTOUTCOPYMT103.EXE.exe
- Size
  
  1.1MB
- MD5
  
  5c40710df63be4d2df4acea915477002
- SHA1
  
  e70bdd344eb35cdb3be895b0f5d0649f266c1537
- SHA256
  
  24d0058069dc570d1b9600034802fe93e90c7e1367e9001f7444f0dc9213ec11
- SHA512
  
  8feb8adb9b047dc4b37f5fb94e2539c57a7cd0a6025312fdd12abcf2f6f008523f5166d70414fbf3fdaec6b8647ff68d9192c9e4fb66a1ad1012ca4a8b7e8f50
- SSDEEP
  
  24576:5u6J33O0c+JY5UZ+XC0kGso6FaN5gf/dzVCK+aKi1ZWY:7u0c++OCvkGs9FaN5KxsKsY
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.