agenttesla | b8679b2fabfde6416ec8c7cf1d2d5eeca2c1ed5fdc8dc5d8cb7b11edaafa2be8 | Triage

Submit
Reports

Overview

overview

Static

static

3

OVERDUE AC...ER.exe

windows7-x64

7

OVERDUE AC...ER.exe

windows10-2004-x64

Sharing

General

Target

OVERDUE ACCOUNT LETTER- FINAL REMINDER.tar.001.tar
Size

1.4MB
Sample

250328-qlgrhawwhs
MD5

6283cd37992f7ed23b5eb012c578b540
SHA1

574d1ca2ea2100c03523e32c4784eb1519b7fe4c
SHA256

b8679b2fabfde6416ec8c7cf1d2d5eeca2c1ed5fdc8dc5d8cb7b11edaafa2be8
SHA512

f2f87f50b04f73ed2dcf125cef30588e4e0c273349d2faa66508bb0854b85f82e4abcc925b83b335c18eedc023c753223077fda0949ceaf763314688cb2d2337
SSDEEP

24576:Ue8Sdf0hsacM3n3CzewoMIUrZMVo6b+G5JiZTnkrd++9c4350s:qSpgsaXnW26mt+GKTK1aA50s

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

OVERDUE ACCOUNT LETTER- FINAL REMINDER.exe

Resource

win7-20240903-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

OVERDUE ACCOUNT LETTER- FINAL REMINDER.exe

Resource

win10v2004-20250314-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
BIGNAIRA2024
Email To:
[email protected]

Targets

- Target
  
  OVERDUE ACCOUNT LETTER- FINAL REMINDER.exe
- Size
  
  1.4MB
- MD5
  
  3b8df9d91686abf51fd6db510ca8a9ed
- SHA1
  
  52296a689e0d9c07a5eb018c21fdfeb64c0239c6
- SHA256
  
  f888c4770bbbbcad15c357d6731ff8f5afd7e62e4c35652f3dc3ede6c36b66e9
- SHA512
  
  8b7d4017b747e680aef9eaa9ecea91a1e6295c69e4a5ee846b6159fbf6a7ddd0668cb54ff9006682b0d17f33054ad0a67a74e89ae8c9aa3ccc69d5ba0a31371f
- SSDEEP
  
  24576:Ae8Sdf0hsacM3n3CzewoMIUrZMVo6b+G5JiZTnkrd++9c4350s:GSpgsaXnW26mt+GKTK1aA50s
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy