agenttesla | ea5b66b7ded52682eb5663c416cf1b0e0c6f512e38ace996dcac6982eec082e0 | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTATION_...44.lzh

windows7-x64

1

QUOTATION_...44.lzh

windows10-2004-x64

3

QUOTATION_...DF.scr

windows7-x64

QUOTATION_...DF.scr

windows10-2004-x64

Sharing

General

Target

QUOTATION_APRQTRA031244.z
Size

2.3MB
Sample

240509-lj277sdh57
MD5

e9f8f7da8c47dd4f2559cbbac94a02e7
SHA1

ab842ba8f40d4fe05f55504f9f81e2ae3892928e
SHA256

ea5b66b7ded52682eb5663c416cf1b0e0c6f512e38ace996dcac6982eec082e0
SHA512

5d27fd8cc5b5790f1340dd72236c19d1eb75be3aef449074907603352cbd77f295680f7198ac38c7a6ebac8dedd08ab29537b1b90c5f5bb6cf407a62ff693b03
SSDEEP

49152:YboaZ0w9/lVyEx49z4F7tFb1eTqGm2HCB/Oe4g2/pJFUkAIJ7k3lgNbmA:yoaZ0wV9q03ZeTU6YOLh/Gk17kVgwA

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTATION_APRQTRA031244.lzh

Resource

win7-20240419-en

windows7-x64

0 signatures

300 seconds

Behavioral task

behavioral2

Sample

QUOTATION_APRQTRA031244.lzh

Resource

win10v2004-20240508-en

windows10-2004-x64

3 signatures

300 seconds

Behavioral task

behavioral3

Sample

QUOTATION_APRQTRA031244PDF.scr

Resource

win7-20240508-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral4

Sample

QUOTATION_APRQTRA031244PDF.scr

Resource

win10v2004-20240426-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

9 signatures

300 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
RaFv@tsTUK55@@<<!!
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
RaFv@tsTUK55@@<<!!

Targets

- Target
  
  QUOTATION_APRQTRA031244.z
- Size
  
  2.3MB
- MD5
  
  e9f8f7da8c47dd4f2559cbbac94a02e7
- SHA1
  
  ab842ba8f40d4fe05f55504f9f81e2ae3892928e
- SHA256
  
  ea5b66b7ded52682eb5663c416cf1b0e0c6f512e38ace996dcac6982eec082e0
- SHA512
  
  5d27fd8cc5b5790f1340dd72236c19d1eb75be3aef449074907603352cbd77f295680f7198ac38c7a6ebac8dedd08ab29537b1b90c5f5bb6cf407a62ff693b03
- SSDEEP
  
  49152:YboaZ0w9/lVyEx49z4F7tFb1eTqGm2HCB/Oe4g2/pJFUkAIJ7k3lgNbmA:yoaZ0wV9q03ZeTU6YOLh/Gk17kVgwA
Score

3^/10
behavioral1 behavioral2
- Target
  
  QUOTATION_APRQTRA031244PDF.scr
- Size
  
  2.4MB
- MD5
  
  8292bb185757c42a2a78f778e84fecb7
- SHA1
  
  c14d9db05e71199e6c6e97b84a016e8c048082fc
- SHA256
  
  f9642f3129cafa597a61904afabd06a8f85b54c1bfba6c6d3a1a25e43103d67c
- SHA512
  
  4759dae21da7236d012a67a7283bcfda67ecd7995b66ae34a7389dc88b794d8ef6702aedaf7dc931f638b1954da794c9ed18bb3803a42d0e91665ca5f7a417c7
- SSDEEP
  
  49152:1ZCaq2Vww4p1CzaVLmqFb9l5C7Jo6ZZ5w252njC:1ZCl2rm1CgLl5WZ32m
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

agentteslazgratkeyloggerratspywarestealertrojan

behavioral4

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy