agenttesla | 566d8749e166436792dfcbb5e5514f18c9afc0e1314833ac2e3d86f37ff2030f | Triage

Submit
Reports

Overview

overview

Static

static

1

PO OAU_DEC...cr.exe

windows7-x64

PO OAU_DEC...cr.exe

windows10-2004-x64

Sharing

General

Target

PO OAU_DECQTRFA00541·PDF.scr.exe
Size

1.0MB
Sample

231224-jw4wfsbccj
MD5

3294d2af361c80011932b8f7072b7f88
SHA1

b18d0e7ea33e53655f762382e950778ef85dd561
SHA256

566d8749e166436792dfcbb5e5514f18c9afc0e1314833ac2e3d86f37ff2030f
SHA512

82ecd16ff9e7eb3a97d64c0c6436965a2da9c055bf0787b8951181909312c5a57018dbbe557f7b99c074028f451566fdd73bad92c6b38fecff27783dc87c0e4f
SSDEEP

12288:n6952FCwL9s1sdVUULtfZJrXoCc27z+IWMHexsRipnF4Hx3oLbX4H8PZDN:n695Twu1yf/oy7zCOONN

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO OAU_DECQTRFA00541·PDF.scr.exe

Resource

win7-20231215-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO OAU_DECQTRFA00541·PDF.scr.exe

Resource

win10v2004-20231215-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
MCgD#w!TZ505!!@@
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
MCgD#w!TZ505!!@@

Targets

- Target
  
  PO OAU_DECQTRFA00541·PDF.scr.exe
- Size
  
  1.0MB
- MD5
  
  3294d2af361c80011932b8f7072b7f88
- SHA1
  
  b18d0e7ea33e53655f762382e950778ef85dd561
- SHA256
  
  566d8749e166436792dfcbb5e5514f18c9afc0e1314833ac2e3d86f37ff2030f
- SHA512
  
  82ecd16ff9e7eb3a97d64c0c6436965a2da9c055bf0787b8951181909312c5a57018dbbe557f7b99c074028f451566fdd73bad92c6b38fecff27783dc87c0e4f
- SSDEEP
  
  12288:n6952FCwL9s1sdVUULtfZJrXoCc27z+IWMHexsRipnF4Hx3oLbX4H8PZDN:n695Twu1yf/oy7zCOONN
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy