In-Depth Analysis of A New Variant of .NET Malware AgentTesla
Tags
Common Information
| Type | Value |
|---|---|
| UUID | fc186522-438d-4e2b-af4a-31f1a28968d5 |
| Fingerprint | ac319d42683aaf8f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 28, 2017, midnight |
| Added to db | Jan. 18, 2023, 11:18 p.m. |
| Last updated | Nov. 17, 2024, 6:31 p.m. |
| Headline | In-Depth Analysis of A New Variant of .NET Malware AgentTesla |
| Title | In-Depth Analysis of A New Variant of .NET Malware AgentTesla |
| Detected Hints/Tags/Attributes | 51/1/22 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | ohybgfwmcpwnnpvvuteitvak.open |
|
| Details | Domain | 1 | bipvjqwtceisuiuipczbpswruhrwp.open |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | www.vacanzaimmobiliare.it |
|
| Details | File | 1 | javs.exe |
|
| Details | File | 1 | today.exe |
|
| Details | File | 46 | microsoft.xml |
|
| Details | File | 1 | %temp%\javs.exe |
|
| Details | File | 59 | post.php |
|
| Details | File | 1 | %appdata%\java\javaupdtr.exe |
|
| Details | File | 3 | javaupdtr.exe |
|
| Details | File | 1 | appdata_java_javaupdtr.exe |
|
| Details | File | 3 | %appdata%\screenshot\screen.jpeg |
|
| Details | File | 1 | screen.jpeg |
|
| Details | File | 1 | javauptr.exe |
|
| Details | File | 1 | outstanding.doc |
|
| Details | sha256 | 1 | 1a713e4ddd8b1a6117c10afe0c45496dfb61154bff79a6dee0a9ffb0518f33d3 |
|
| Details | sha256 | 1 | 5d4e22be32dce5474b61e0df305861f2c07b10ddadbc2dc937481c7d2b736c81 |
|
| Details | IPv4 | 1 | 45.77.35.239 |
|
| Details | Url | 1 | http://45.77.35.239/1/today.exe |
|
| Details | Url | 1 | http://www.vacanzaimmobiliare.it/testla/webpanel/post.php |
|
| Details | Windows Registry Key | 18 | HKCU\Software\Microsoft\Office |