agenttesla

General

Target

1e307fa54e185a80b1fb20d4bea7d761f060d6b4f353239fbba300cbc53a2125
Size

607KB
Sample

231212-cclr7secd6
MD5

78d53af30b8b0a8e0371e884447c4d21
SHA1

834cb4b77deb228a63daa8c49deba495babf7dd2
SHA256

1e307fa54e185a80b1fb20d4bea7d761f060d6b4f353239fbba300cbc53a2125
SHA512

1bfbbccc4367d50f1fa6308cd2f950e872f67a5f6a33680db3ea4ae24ce275db75a364988aa2ef7b7be7d0fc160d2e98936d917fdd306c0a33db429e6f6bf0c1
SSDEEP

12288:4hBEwEqJWcPzRjYpP4xBzmDUZaxZUYidst6VwK:AEIHLSt4TzmDUZaxuYgst6VwK

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.jpedindia.com
Port:
587
Username:
[email protected]
Password:
tny268@as
Email To:
[email protected]

Targets

- Target
  
  Purchase Order.exe
- Size
  
  646KB
- MD5
  
  fd4f5db156867b51baf72ce10cb1a486
- SHA1
  
  d1c1ce8f0bf2bb7445610333ded67c4759209289
- SHA256
  
  1ff764ec5a79ed2072a558af6de49b863e9e5683e63b3c070e86c9d1b7814f4d
- SHA512
  
  f013a7c900d5f11fe041d88423c07efcbf31fcdc400da00db8be661ddedd5f7913083c3faf5ee6d49ab97741389a21e82c2050870677afc3383b7d5436bc92cb
- SSDEEP
  
  12288:aH3IU8S6eUdsifKXhLvlg8J3PE1Nfjhm6MqOdWK3TLiMl:aXItSAdsiohRgWYHmaOMK33Bl
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2