AgentTesla4

AgentTesla .NET MaaS 2014. XLS dropper. SMTP/FTP/Telegram exfil. freightfacilitators.com C2. Keylogger+clipboard.

Threat Profile
Type: Infostealer
Programming Language: C#/.NET
C2 Protocol: SMTP/FTP/HTTP
First Seen: 2014
Targets: Finance/Corporate
Purpose / Capabilities
  • Keylogger+Credential Stealer

C2 Servers (2), 1 Active

Address                  Port  Protocol  Status
freightfacilitators.com  443   HTTPS     Active
iplam.co                 443   HTTPS     Inactive

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (2)

High

AgentTesla -- XLS Dropper, freightfacilitators.com C2, iplam.co, O365 Relay Trace | High

AgentTesla 1.7MB XLS file. freightfacilitators.com C2. iplam.co short .co TLD. O365 FR1PEPF France relay server.

Critical

AgentTesla 4 -- SWIFT_Payment_Receipt_30062026 Lure, Danish Obfuscation, BTC 12KHQsz | Critical

AgentTesla SWIFT payment receipt lure. Danish-language obfuscation. BTC 12KHQszuj + 1DQsERzx.