agenttesla | 1fb365488fa5c6928a3c4caf19de095c36c8eec283d469ee7e87edbef984ce48 | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.12680.30825.exe
Size

622KB
Sample

231211-tddawsbcfj
MD5

044bd76314b50926e135c74fc69ae628
SHA1

b64bb48dad10e831e502e62603e21a109523ffec
SHA256

1fb365488fa5c6928a3c4caf19de095c36c8eec283d469ee7e87edbef984ce48
SHA512

514dab28c301d978c77b16aceaa8bd3b0b65f87202e625cd80993a4eabc29a9aeec9f24380e4f8b9d24d18dc6504a48929b504adf327e39af1fdb22a09bd6c9e
SSDEEP

12288:r3IU8S6eUdfHDTX+m6NugwvwTwog94BISUCVYuymn9BJWeLKrX/YJDUisMF:bItSAdfHD7+ZNTwvIK943UCauFkeWQJP

Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ariafarin.com
Port:
587
Username:
[email protected]
Password:
AFJ@2019#$%
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.12680.30825.exe
- Size
  
  622KB
- MD5
  
  044bd76314b50926e135c74fc69ae628
- SHA1
  
  b64bb48dad10e831e502e62603e21a109523ffec
- SHA256
  
  1fb365488fa5c6928a3c4caf19de095c36c8eec283d469ee7e87edbef984ce48
- SHA512
  
  514dab28c301d978c77b16aceaa8bd3b0b65f87202e625cd80993a4eabc29a9aeec9f24380e4f8b9d24d18dc6504a48929b504adf327e39af1fdb22a09bd6c9e
- SSDEEP
  
  12288:r3IU8S6eUdfHDTX+m6NugwvwTwog94BISUCVYuymn9BJWeLKrX/YJDUisMF:bItSAdfHD7+ZNTwvIK943UCauFkeWQJP
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerpersistenceratspywarestealertrojan