agenttesla | 2cc218a62d049d31355e7976c899c8dc1054a6adfc82ab27497b08f780644f83 | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTATION_...cr.exe

windows7-x64

QUOTATION_...cr.exe

windows10-2004-x64

Sharing

General

Target

QUOTATION_MARQTRA031244úPDF.scr.exe
Size

2.8MB
Sample

240328-xamxpseb82
MD5

f676b2e399bb66aff93ea75e288cc77a
SHA1

c070d9d7f4209197a1de3863d3931c793de2f600
SHA256

2cc218a62d049d31355e7976c899c8dc1054a6adfc82ab27497b08f780644f83
SHA512

15cc02ba0f93ab14812afc32b9ce1f4a6f8183a2a519286b4bdd79e25be3e6b55f9439e9e739d313794d2df35a7783c9caf742ccb5f5a7c7a500463debf9afcb
SSDEEP

49152:6hIFVTE9ox8jJbzMM8HBKTRyjylyT0naL374neHJwZ/nK:2IKghKNgsywa77bHJwtn

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTATION_MARQTRA031244úPDF.scr.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATION_MARQTRA031244úPDF.scr.exe

Resource

win10v2004-20240226-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
dworld@qlststv.com
Password:
Dasco..!@@hT!3V
Email To:
dascogets@aoqiinflatables.com

Targets

- Target
  
  QUOTATION_MARQTRA031244úPDF.scr.exe
- Size
  
  2.8MB
- MD5
  
  f676b2e399bb66aff93ea75e288cc77a
- SHA1
  
  c070d9d7f4209197a1de3863d3931c793de2f600
- SHA256
  
  2cc218a62d049d31355e7976c899c8dc1054a6adfc82ab27497b08f780644f83
- SHA512
  
  15cc02ba0f93ab14812afc32b9ce1f4a6f8183a2a519286b4bdd79e25be3e6b55f9439e9e739d313794d2df35a7783c9caf742ccb5f5a7c7a500463debf9afcb
- SSDEEP
  
  49152:6hIFVTE9ox8jJbzMM8HBKTRyjylyT0naL374neHJwZ/nK:2IKghKNgsywa77bHJwtn
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy