agenttesla | df376d52357655f947fc5295ee5a3194d2fa7d76e50fdab9e4210c1c33aa7490 | Triage

Submit
Reports

Overview

overview

Static

static

1

PO_7410091...14.exe

windows7-x64

7

PO_7410091...14.exe

windows10-2004-x64

Sharing

General

Target

PO_7410091 & Sales Contract 0514_1.7z
Size

1.1MB
Sample

250328-qlhzkawxay
MD5

3ab9a988b1f8c1b7b90394ed8bae9a76
SHA1

094e4ae217c6ac086584a59489bc97828ba8c911
SHA256

df376d52357655f947fc5295ee5a3194d2fa7d76e50fdab9e4210c1c33aa7490
SHA512

2952a04265e1a4889314538f1790c026015be64037faf8e473ffc04f54bd8551a920c9a529cc95c06bf602d279fd09d5cb56e938d5f7d61be84673389a7e5c0c
SSDEEP

24576:4KjtADUbcq6cfovqueHXr+0yOQ+pLiMqbEwiFoi1MoWaJZGjueJw:fcwcfsoSu2Xr7yOQ+pLidbjiFf1/nbG4

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO_7410091 & Sales Contract 0514.exe

Resource

win7-20240903-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO_7410091 & Sales Contract 0514.exe

Resource

win10v2004-20250314-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
admin@iaa-airferight.com
Password:
manlikeyou88
Email To:
admin@iaa-airferight.com

Targets

- Target
  
  PO_7410091 & Sales Contract 0514.exe
- Size
  
  1.3MB
- MD5
  
  7ed3e58d0acc9137cd7df2c3de2cf24e
- SHA1
  
  d242be811a8cd5c8bcef192aabd86813eaf44807
- SHA256
  
  b7609fc82f166683cdd8a5875ed6eb917e6a94998c30abf3950e752fc13e38e7
- SHA512
  
  9dde9ca1e04c2d9c08638ffd813f87d4218bd61c77b71ac31df77352c869a5216dd35534f6a1e0e0dd9095567a5356fc5edc4143988899c3497cfa731eab6d7a
- SSDEEP
  
  24576:hiLzQFKqb7qrb6BvqAepzfhOyFWeELW6liNd5PbjcnoqiJYG6lL9BTD:YgQW7w+BSA0zfgyFWeELWgiv5PncovaH
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.