agenttesla

General

Target

SecuriteInfo.com.Win32.PWSX-gen.21667.25222.exe
Size

653KB
Sample

231212-h9hppsacd8
MD5

437067bc7190a7931c53e3e2f0e8185a
SHA1

bf17143f35531655ab0af5c4c7625f58d611f50f
SHA256

cd10c10c18af02c84db0cfc309c6357897bb6b07f987ba38a3eb83781ca63f24
SHA512

258d333d03f397449a9c3fcfdcc750c561fb2e95522ebdfeca4cd320bb924be604224b64cc780b8d1cbf7f53fb694499758220038883ca0f6984f6f58bf5ab55
SSDEEP

12288:o13IU8S6eUdJKiISKICXAVoRy4EANanNZ84iiCn6XkPf+oXemxFUMoLO9nTovCwg:odItSAdJKiIB/AeQ4zanNZ8PTVHLL0wh

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6833930321:AAHwDIEAPHebsHtw__k-gJGBZ92DAJlw8_s/

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.21667.25222.exe
- Size
  
  653KB
- MD5
  
  437067bc7190a7931c53e3e2f0e8185a
- SHA1
  
  bf17143f35531655ab0af5c4c7625f58d611f50f
- SHA256
  
  cd10c10c18af02c84db0cfc309c6357897bb6b07f987ba38a3eb83781ca63f24
- SHA512
  
  258d333d03f397449a9c3fcfdcc750c561fb2e95522ebdfeca4cd320bb924be604224b64cc780b8d1cbf7f53fb694499758220038883ca0f6984f6f58bf5ab55
- SSDEEP
  
  12288:o13IU8S6eUdJKiISKICXAVoRy4EANanNZ84iiCn6XkPf+oXemxFUMoLO9nTovCwg:odItSAdJKiIB/AeQ4zanNZ8PTVHLL0wh
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2