agenttesla | 8dbad0a522a6c2545965cf75bb52ee23749073e3d55f97165faf92b109f87c68 | Triage

Submit
Reports

Overview

overview

Static

static

1

New Compre...er.zip

windows11-21h2-x64

Sharing

General

Target

New Compressed (zipped) Folder.zip
Size

767B
Sample

231202-2cvsjsgb4w
MD5

03a2a7cfbbdc73e5971d8c54a171a281
SHA1

86a6f06381859aa34fc8932368b1da243323773b
SHA256

8dbad0a522a6c2545965cf75bb52ee23749073e3d55f97165faf92b109f87c68
SHA512

b81d28ab4c9e3f72410e04e89bed04704aa58c897df5c56afa8c02022793f508cb51ba104edb7a2f1b934a2904429807e475c5e700bb77da7eed857f30dbcba5

Score

10^/10

agenttesla privateloader risepro xmrig zgrat keylogger loader miner rat spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

New Compressed (zipped) Folder.zip

Resource

win11-20231128-en

agenttesla privateloader risepro xmrig zgrat keylogger loader miner rat spyware stealer trojan upx

windows11-21h2-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.elquijotebanquetes.com
Port:
21
Username:
[email protected]
Password:
kFxADjwNBm$_

Targets

- Target
  
  New Compressed (zipped) Folder.zip
- Size
  
  767B
- MD5
  
  03a2a7cfbbdc73e5971d8c54a171a281
- SHA1
  
  86a6f06381859aa34fc8932368b1da243323773b
- SHA256
  
  8dbad0a522a6c2545965cf75bb52ee23749073e3d55f97165faf92b109f87c68
- SHA512
  
  b81d28ab4c9e3f72410e04e89bed04704aa58c897df5c56afa8c02022793f508cb51ba104edb7a2f1b934a2904429807e475c5e700bb77da7eed857f30dbcba5
Score

10^/10

agenttesla privateloader risepro xmrig zgrat keylogger loader miner rat spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- XMRig Miner payload
  miner
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaprivateloaderriseproxmrigzgratkeyloggerloaderminerratspywarestealertrojanupx

© 2018-2024

Terms | Privacy