agenttesla | 2b1b9a2c985b1f379fa1f6fed2a2ca8c6bf3c9e352fc4a2c27cdd5dcabaca215 | Triage

Submit
Reports

Overview

overview

Static

static

3

PO OAU_DEC...DF.scr

windows7-x64

PO OAU_DEC...DF.scr

windows10-2004-x64

Sharing

General

Target

2b1b9a2c985b1f379fa1f6fed2a2ca8c6bf3c9e352fc4a2c27cdd5dcabaca215
Size

603KB
Sample

231212-kv8npabeh9
MD5

33ffa779ac3c5f32640aed7e9cceb413
SHA1

6b173eaba7cbf2374ef162fdefed783e69626166
SHA256

2b1b9a2c985b1f379fa1f6fed2a2ca8c6bf3c9e352fc4a2c27cdd5dcabaca215
SHA512

cb89336554ada1ec7eedd66af81c0ba670fa1eae614ce68198168ef64056b0f6b5440b14b4d27689af73578870ff566d67d44d543b11768fe598f1c21ef7f944
SSDEEP

12288:ZmV21dHi21hSHg/is60T0bBMkxnVvH09V7bizyGvvvOpBH:ZmVudCigA/e06NnUvfirvvv8BH

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PO OAU_DECQTRFA00541·PDF.scr

Resource

win7-20231023-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO OAU_DECQTRFA00541·PDF.scr

Resource

win10v2004-20231127-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
MCgD#w!TZmaka!@@
Email To:
[email protected]

Targets

- Target
  
  PO OAU_DECQTRFA00541·PDF.scr
- Size
  
  878KB
- MD5
  
  89160b80b6c468aa1df713449fecb85a
- SHA1
  
  8636828e03b268d1ca379e5ec2f0e202934c1d11
- SHA256
  
  4f552d66d0f774acbf75f57ff0a41db9eaa3dfa338795f385865e4c6696713c9
- SHA512
  
  51ade18ae3de559a539e957d8c42c65cbe95aba9c3447b9d1c27d315bba9773f46419266b2b5a4b5898d191fa8ecf4c783b4411af26b9afca3382481f2925528
- SSDEEP
  
  24576:k+1GNss+LA5WGu4Ljs0OyC4dcwFgOy6v2cmzw6murezzzIeIII0IEzlKyskJ66UN:USsjdnseC4nmD6Ocmzw6murezzzIeIIW
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy