agenttesla | bf9d20d99da73a2ca91870763627b1c05d97bf401617d35d5f407e30ab412f22 | Triage

Submit
Reports

Overview

overview

Static

static

1

QUOTATION_...DF.scr

windows7-x64

QUOTATION_...DF.scr

windows10-2004-x64

Sharing

General

Target

QUOTATION_MARQTRA031244·PDF.scr
Size

2.3MB
Sample

240313-mbzb1sah3x
MD5

07e69fa42a4821aad667f339471bd310
SHA1

3015b1978f06d7898ac9485d361213b955cb9b2d
SHA256

bf9d20d99da73a2ca91870763627b1c05d97bf401617d35d5f407e30ab412f22
SHA512

9c95c4e7ad6e3d8131867b0f70043e137d46852617b65adcf28cb7d5cbdaf25a9a966da647e927f5b536318baef8b9a7447ecfa3598f33de3ca99c71e9083101
SSDEEP

49152:WsCjGxPVtMZrmNaMMuPYHw+wE1M1JZgB/I4VFP6Pnef2MT2Gq0Rl5:xCjGvtM1F5ugHwxEUJe632fp2s

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

QUOTATION_MARQTRA031244·PDF.scr

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATION_MARQTRA031244·PDF.scr

Resource

win10v2004-20240226-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
28#75@ts76&&p!!@P
Email To:
[email protected]

Targets

- Target
  
  QUOTATION_MARQTRA031244·PDF.scr
- Size
  
  2.3MB
- MD5
  
  07e69fa42a4821aad667f339471bd310
- SHA1
  
  3015b1978f06d7898ac9485d361213b955cb9b2d
- SHA256
  
  bf9d20d99da73a2ca91870763627b1c05d97bf401617d35d5f407e30ab412f22
- SHA512
  
  9c95c4e7ad6e3d8131867b0f70043e137d46852617b65adcf28cb7d5cbdaf25a9a966da647e927f5b536318baef8b9a7447ecfa3598f33de3ca99c71e9083101
- SSDEEP
  
  49152:WsCjGxPVtMZrmNaMMuPYHw+wE1M1JZgB/I4VFP6Pnef2MT2Gq0Rl5:xCjGvtM1F5ugHwxEUJe632fp2s
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy