agenttesla | ec5d3735d3fbc85b1ba98cce0ecd8318c1dc0118d112b3c2e00cead058aa2db7 | Triage

Submit
Reports

Overview

overview

Static

static

Product list.scr

windows7-x64

Product list.scr

windows10-2004-x64

Sharing

General

Target

ec5d3735d3fbc85b1ba98cce0ecd8318c1dc0118d112b3c2e00cead058aa2db7
Size

110KB
Sample

240328-cdvrhacg8x
MD5

600c5daf359d5d9a67f79ff421519812
SHA1

1a0d96937257b162b2d700d166948dc9c2ef2ece
SHA256

ec5d3735d3fbc85b1ba98cce0ecd8318c1dc0118d112b3c2e00cead058aa2db7
SHA512

7af1d23da075c62eb1a22ca711f1813454e1d0ce3f4b0abb82b9497c5c06843a7910d039e2c62fc9f710ad5acdcbdd08fe9c17a60ed88ef2296935bf78c0640b
SSDEEP

3072:udHQGs/wjjjpvFi15A/eNjIb5jw5pzASsrI:PGs/Mjjpvo15AWhINEkSsE

Score

10^/10

agenttesla purelogstealer zgrat keylogger rat spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Product list.scr

Resource

win7-20231129-en

purelogstealer stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Product list.scr

Resource

win10v2004-20240226-en

agenttesla purelogstealer zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.alualuminium.com.my
Port:
587
Username:
admin@alualuminium.com.my
Password:
U8G4S13#8Zk$
Email To:
smart.le3@yandex.com

Targets

- Target
  
  Product list.scr
- Size
  
  261KB
- MD5
  
  740c71fa7480df0ca835b842c466d190
- SHA1
  
  a495afbf5175fb7c31d5bb79ab5bdefa5842ee40
- SHA256
  
  769e8c82f191a58829d7c5b460b80b6242a2f9b906c3a9b98e0b87fd83c88205
- SHA512
  
  28978c02bed5a684b724a0ec91f50d5e44f6baae7f860ad29d24f133a5b1693f7f4232bdfc1ef0babc79284d2ee8c4630b31370c5acee2243c49f7b33f3b23ea
- SSDEEP
  
  6144:iazT6ew3igBm7IGxRsS71IagwsUKl0zRcP8Ya:ian6emLBm7IGxRsSpsUKx8N
Score

10^/10

purelogstealer stealer agenttesla zgrat keylogger rat spyware trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

purelogstealerstealer

behavioral2

agentteslapurelogstealerzgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy