General

  • Target

    6847ce75c0375d36e337e422751753c4b7ff87fb6d2c00d5ef59911427f89d0d

  • Size

    23KB

  • Sample

    231212-cr3z2adcep

  • MD5

    2fb49f8666cd78b0ccc746c97c2d76d2

  • SHA1

    72b378efc36eba9d1b444ce7a2f7bcb9794c2f0e

  • SHA256

    6847ce75c0375d36e337e422751753c4b7ff87fb6d2c00d5ef59911427f89d0d

  • SHA512

    2109820c70352b000bdf1487947540cc4362a5f531a22d04dee7d7aefddce441dbfb882662ef2059e50a5b5671b3b8bbadbaa9f8df51eba38dbe7168b446eec3

  • SSDEEP

    384:s75dqurNFZ3I+F52Bjh7gmkODaglshmJuSxFv5JQzKoX9u:s7Hj5L9Mh7gvhmJPTJQzKy9u

Malware Config

Extracted

  • Family
    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.jaazgroup.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    cincin/123

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
