agenttesla | 180896df7dc93c43d3da245c9f40c20f10902bc4d1a8b38386ec1ce185e71123 | Triage

Submit
Reports

Overview

overview

Static

static

7

180896df7d...23.exe

windows7-x64

180896df7d...23.exe

windows10-2004-x64

Sharing

General

Target

180896df7dc93c43d3da245c9f40c20f10902bc4d1a8b38386ec1ce185e71123
Size

702KB
Sample

240427-b36pmagd78
MD5

73cf576f8b9052985b473488a5b4816a
SHA1

75aeec0ab7a8cd10e487df65a988d1b9b13475a3
SHA256

180896df7dc93c43d3da245c9f40c20f10902bc4d1a8b38386ec1ce185e71123
SHA512

d911fd9efb3611b450a646cb3979ba5f8ae682ce9e2e96296cdf4ecdbf5aa618d9094cd4c2312d961c507294e7e9e9bd4568c15ee1161c9e34409c1cc22e191d
SSDEEP

12288:msHzOUNUSB/o5LsI1uwajJ5yvv1l2RjmrLmxGi7qidkiKz3PeLk/NYZC6Nhe:JiUmSB/o5d1ubcvGxFqAmz3PmkGk6Nhe

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

180896df7dc93c43d3da245c9f40c20f10902bc4d1a8b38386ec1ce185e71123.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

180896df7dc93c43d3da245c9f40c20f10902bc4d1a8b38386ec1ce185e71123.exe

Resource

win10v2004-20240419-en

agenttesla zgrat keylogger rat spyware stealer trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.torreperogil.es
Port:
587
Username:
[email protected]
Password:
padremiguelantonio
Email To:
[email protected]

Targets

- Target
  
  180896df7dc93c43d3da245c9f40c20f10902bc4d1a8b38386ec1ce185e71123
- Size
  
  702KB
- MD5
  
  73cf576f8b9052985b473488a5b4816a
- SHA1
  
  75aeec0ab7a8cd10e487df65a988d1b9b13475a3
- SHA256
  
  180896df7dc93c43d3da245c9f40c20f10902bc4d1a8b38386ec1ce185e71123
- SHA512
  
  d911fd9efb3611b450a646cb3979ba5f8ae682ce9e2e96296cdf4ecdbf5aa618d9094cd4c2312d961c507294e7e9e9bd4568c15ee1161c9e34409c1cc22e191d
- SSDEEP
  
  12288:msHzOUNUSB/o5LsI1uwajJ5yvv1l2RjmrLmxGi7qidkiKz3PeLk/NYZC6Nhe:JiUmSB/o5d1ubcvGxFqAmz3PmkGk6Nhe
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojanupx

behavioral2

agentteslazgratkeyloggerratspywarestealertrojanupx

© 2018-2024

Terms | Privacy