agenttesla | b0e95c2afd35df5658a658db20cd09e317ef9824953c8a2caa7a3481ccda67cc | Triage

Submit
Reports

Overview

overview

Static

static

PO OAU_MAR...DF.scr

windows7-x64

PO OAU_MAR...DF.scr

windows10-2004-x64

Sharing

General

Target

PO OAU_MARQTRFA00541·PDF.scr
Size

2.2MB
Sample

240328-bxnlvscf6s
MD5

71f1764ff86578373d0e43ba72624422
SHA1

744455346e589dd9c9ea57a7e487d97be33c1086
SHA256

b0e95c2afd35df5658a658db20cd09e317ef9824953c8a2caa7a3481ccda67cc
SHA512

7f791881c202fa4e428102e15b3bacde9d9f7f65715585c4ae0f79c3c9dcadf44fff7990c65204ff71f8313dae88844ad66b70ebc61d925f1cbd322b04262628
SSDEEP

49152:+0ceU1s2TQNvOAbvtJAntMpSlbSrYGbgN0Jq:zceU1PQdOMfAtMp+b2s

Score

10^/10

agenttesla purelogstealer zgrat keylogger rat spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

PO OAU_MARQTRFA00541·PDF.scr

Resource

win7-20240221-en

purelogstealer zgrat rat stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO OAU_MARQTRFA00541·PDF.scr

Resource

win10v2004-20240226-en

agenttesla purelogstealer zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
Dasco..!@@hT!3V
Email To:
[email protected]

Targets

- Target
  
  PO OAU_MARQTRFA00541·PDF.scr
- Size
  
  2.2MB
- MD5
  
  71f1764ff86578373d0e43ba72624422
- SHA1
  
  744455346e589dd9c9ea57a7e487d97be33c1086
- SHA256
  
  b0e95c2afd35df5658a658db20cd09e317ef9824953c8a2caa7a3481ccda67cc
- SHA512
  
  7f791881c202fa4e428102e15b3bacde9d9f7f65715585c4ae0f79c3c9dcadf44fff7990c65204ff71f8313dae88844ad66b70ebc61d925f1cbd322b04262628
- SSDEEP
  
  49152:+0ceU1s2TQNvOAbvtJAntMpSlbSrYGbgN0Jq:zceU1PQdOMfAtMp+b2s
Score

10^/10

purelogstealer zgrat rat stealer agenttesla keylogger spyware trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

purelogstealerzgratratstealer

behavioral2

agentteslapurelogstealerzgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy