agenttesla | 97cc97fc2f2d929d2e89c4700899980964d12f30a11152059e1e1faf93b21aa7 | Triage

Sharing

General

Target

factura pendiente.exe
Size

619KB
Sample

231211-ztefsaafd9
MD5

92e8f31ae6f6d570c7e3966ca0a5ac73
SHA1

4677caeebb7a443741ca411e528eae015f988de1
SHA256

97cc97fc2f2d929d2e89c4700899980964d12f30a11152059e1e1faf93b21aa7
SHA512

94b31f99f90214e397367a2fe570ddb05f0ca6cee4badd89d480b4e084ec2c69429737becb1abb9a5849feb7d81704115e254255f3ccc7ae2b8a7f25d7625de0
SSDEEP

12288:83IU8S6eUdni/24/AIG82dIStnBpYVVEPO90IsVRVU71pEMccX4mJt6B:aItSAdnie4/A7ddoVyPOmzV7YeMeGQB

Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6381414841:AAFH0klFN21XG8PsAP5mFZBYcjb663pXP0E/

Targets

- Target
  
  factura pendiente.exe
- Size
  
  619KB
- MD5
  
  92e8f31ae6f6d570c7e3966ca0a5ac73
- SHA1
  
  4677caeebb7a443741ca411e528eae015f988de1
- SHA256
  
  97cc97fc2f2d929d2e89c4700899980964d12f30a11152059e1e1faf93b21aa7
- SHA512
  
  94b31f99f90214e397367a2fe570ddb05f0ca6cee4badd89d480b4e084ec2c69429737becb1abb9a5849feb7d81704115e254255f3ccc7ae2b8a7f25d7625de0
- SSDEEP
  
  12288:83IU8S6eUdni/24/AIG82dIStnBpYVVEPO90IsVRVU71pEMccX4mJt6B:aItSAdnie4/A7ddoVyPOmzV7YeMeGQB
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerpersistenceratspywarestealertrojan