agenttesla | d8d456407e90181fffcf4c2cf75d5473cee99e4988cb261368bb4d879729bf33 | Triage

Submit
Reports

Overview

overview

Static

static

3

chima(1).exe

windows7-x64

chima(1).exe

windows10-2004-x64

Sharing

General

Target

d8d456407e90181fffcf4c2cf75d5473cee99e4988cb261368bb4d879729bf33
Size

608KB
Sample

231212-ccmz9sdacm
MD5

c31159744f740252efd0406bd11199eb
SHA1

150e6837865dcc8ee0195e7f45298b58ce29f7ff
SHA256

d8d456407e90181fffcf4c2cf75d5473cee99e4988cb261368bb4d879729bf33
SHA512

852a0dae35531087465c25f47b364bf8ee45d00cd0aa89c285dbc6b5de8fa49bc6680e2e0515b88105fbcba402b1fb7c44bbd1571f7403bcdcbff78050e39cc3
SSDEEP

12288:LVmN5dP68u9twtnmbndmU1DX7G9ku+LB3enB36/tecE:LAXDPmxmqjKYmB36FDE

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

chima(1).exe

Resource

win7-20231129-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

chima(1).exe

Resource

win10v2004-20231127-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.acestar.com.ph
Port:
587
Username:
[email protected]
Password:
cssubic@12345
Email To:
[email protected]

Targets

- Target
  
  chima(1).exe
- Size
  
  647KB
- MD5
  
  cceace4ecb1be92ee5deca9952a4235d
- SHA1
  
  43d2e15471c65b8fd68585e611f74d82f3f02c35
- SHA256
  
  abdca3519d0c75bbdf734fbefc073a7add76a9cd0a3d07874ddec16edd5fdaf0
- SHA512
  
  90f0a2d4a376d5972e9437ca92f18fabdf2eb8eddc4c8d33ba7f5b1402d2644c8af6dd474d335c29994b66d270e0da45f39187c729d53ead4838e2dd746c73ca
- SSDEEP
  
  12288:Zw3IU8S6eUdjbB9vq53fUQXELfc9J8/So1lpsXWGfV21enBdGSfzazJvUJHe:ZOItSAdPI3f3XSk9y/HlpsXWGd2IBd/P
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy