agenttesla | aa11f352c3358d95bbee240a562519763af7625f4237d13f2764a0a0fa0223d1 | Triage

Submit
Reports

Overview

overview

Static

static

3

Payment Sl...cr.exe

windows7-x64

Payment Sl...cr.exe

windows10-2004-x64

Resubmissions

28-03-2024 07:10

240328-hzvlhsch53 10

28-03-2024 07:08

240328-hx74tsch28 10

Sharing

General

Target

Payment Slip (SWIFT)úPDF.scr.exe
Size

2.8MB
Sample

240328-hx74tsch28
MD5

98eb55275c529b7687b176c76c53a759
SHA1

2819b9d765d4231beafc2f266f1b062665a850f9
SHA256

aa11f352c3358d95bbee240a562519763af7625f4237d13f2764a0a0fa0223d1
SHA512

46b8cd8cff1c2d90266182c9b40bb0587cf6006643f15817279befcb7a4db13e2eef9e385fdde82ce08d83ddbaba483ee7257219247a50edb55da8b5db0657d6
SSDEEP

49152:dU2zbLL2YsJIZk3c42IrDjy/AnzqSppF7Lw8KR1T:Fzb+7Z3NrD+/YqqtK

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Payment Slip (SWIFT)úPDF.scr.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment Slip (SWIFT)úPDF.scr.exe

Resource

win10v2004-20240226-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
gbasend@qlststv.com
Password:
KART&&UK55@@!!
Email To:
gbagets@aoqiinflatables.com

Targets

- Target
  
  Payment Slip (SWIFT)úPDF.scr.exe
- Size
  
  2.8MB
- MD5
  
  98eb55275c529b7687b176c76c53a759
- SHA1
  
  2819b9d765d4231beafc2f266f1b062665a850f9
- SHA256
  
  aa11f352c3358d95bbee240a562519763af7625f4237d13f2764a0a0fa0223d1
- SHA512
  
  46b8cd8cff1c2d90266182c9b40bb0587cf6006643f15817279befcb7a4db13e2eef9e385fdde82ce08d83ddbaba483ee7257219247a50edb55da8b5db0657d6
- SSDEEP
  
  49152:dU2zbLL2YsJIZk3c42IrDjy/AnzqSppF7Lw8KR1T:Fzb+7Z3NrD+/YqqtK
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy