IOC Radar
SHA1MediumSignal 100/100

2472433fc004171a5a3f16302b26310421cdf12e

Location
PeruPeru
First Seen
Apr 2, 2025
Last Seen
Feb 8, 2026
Apr 2
First Seen
455d ago
Feb 8
Last Seen
143d ago
8
Reports
source reports
99%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

45 techniques

Feed Intelligence Summary

8 reports99% confidence
8
Source reports
99%
Confidence score
Category tags
agent teslaagenttesla malware activityagenttesla rat infectionattackbotnetcalls-wmichecks-bioschecks-network-adapterschecks-user-inputcode executioncommand and controlcommand executioncommercial ratcredential accesscredential harvestingcredential theftdata exfiltrationdetect-debug-environmentdistributed attacksexeexfiltrationfile-hashfilesindicatorinformation stealerinfostealeringress tool transferjameswt_wtlong-sleepsmalicious activitymalicious softwaremalwaremalware distributionoperating systempeexeperuphishing attackprocess injectionratremote accessremote servicesresearchedsocial engineeringsoftware exploitationsouth americat1003t1005t1021t1021.001t1027t1033t1041t1048t1053.005t1055t1056t1056.001t1057t1059t1059.001t1069.001t1071t1071.001t1078t1082t1083t1087t1105t1113t1115t1124t1140t1185t1189t1203t1204t1204.002t1486t1496t1499.002t1499.003t1547t1552t1555t1565t1566t1566.001t1566.002t1566.003t1588.002threat actortrojan malwarewin32 malwarewindows malware

Activity Timeline

1 total obs
Feb 8Feb 8

Threat Activity Heatmap

· Peak: 2026-02-08
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
8
Reports
First seenApr 2, 2025
Last seenFeb 8, 2026

VirusTotal

Not checked

WHOIS

description
Agent Tesla es una herramienta de acceso remoto disponible para compra en un sitio web oficial, supuestamente promocionada como un programa legítimo; sin embargo, en realidad, se utiliza con fines maliciosos por ciberdelincuentes para robar datos personales. Los desarrolladores intentan dar una impresión de legitimidad, pero en realidad, fomentan su uso para el control y la monitorización de equipos ajenos, obteniendo beneficios de diversas maneras, como el registro de pulsaciones de teclas para obtener acceso a cuentas de víctimas.
references
https://www.virustotal.com/graph/embed/g1dc15d29f9c04db090d811160eb39e46579edabe110b4703982317c7ce9e13cc?theme=light, https://darfe.es/ciberwiki/index.php?title=Agent_Tesla

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 8 threat reports