agenttesla | f3b845d97dc4f67e6e99f50343a1a69a1985ba35fefd8ad20590577f79b4aeb0 | Triage

Submit
Reports

Overview

overview

Static

static

1

QUOTATION_...DF.scr

windows7-x64

QUOTATION_...DF.scr

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

TRASMISSIONE NS ORDINE NR S34 RIF. PETRILLI A.z
Size

2.1MB
Sample

240313-s7ev5sgh3w
MD5

485c22eaac3cc8298383b533c2fe370b
SHA1

70a036dde5d2fb9812a0c6efc252b5c738879301
SHA256

f3b845d97dc4f67e6e99f50343a1a69a1985ba35fefd8ad20590577f79b4aeb0
SHA512

a1666a17a82a0da116cf3f4799d54923c8d2d9cd41d09a2a2f6c74af4dc9153cd69f40847bec139d7cfb7b489db316f2a1a24d0fe8a714ed41b175380d8aa04b
SSDEEP

49152:3+6sK3FkB2EfekPDtkIyUcgUKrG1Lsoynrg1pL6hZFJZV4F0Oe+:353GzWgDGjUcgBXzhzZY0O1

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

QUOTATION_MARQTRA031244PDF.scr

Resource

win7-20240220-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATION_MARQTRA031244PDF.scr

Resource

win10v2004-20240226-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
28#75@ts76&&p!!@P
Email To:
[email protected]

Targets

- Target
  
  QUOTATION_MARQTRA031244PDF.scr
- Size
  
  2.3MB
- MD5
  
  07e69fa42a4821aad667f339471bd310
- SHA1
  
  3015b1978f06d7898ac9485d361213b955cb9b2d
- SHA256
  
  bf9d20d99da73a2ca91870763627b1c05d97bf401617d35d5f407e30ab412f22
- SHA512
  
  9c95c4e7ad6e3d8131867b0f70043e137d46852617b65adcf28cb7d5cbdaf25a9a966da647e927f5b536318baef8b9a7447ecfa3598f33de3ca99c71e9083101
- SSDEEP
  
  49152:WsCjGxPVtMZrmNaMMuPYHw+wE1M1JZgB/I4VFP6Pnef2MT2Gq0Rl5:xCjGvtM1F5ugHwxEUJe632fp2s
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy