agenttesla | 41430a71d6847e8c25206b5101164baa53b098ca1ee9c8d71a33ceb09e672927 | Triage

Submit
Reports

Overview

overview

Static

static

3

LAM CHUAN.exe

windows7-x64

LAM CHUAN.exe

windows10-2004-x64

Sharing

General

Target

LAM CHUAN.exe
Size

573KB
Sample

231212-jdjskaadc5
MD5

b2d39ecdb67012426b8a8b7389a71aa8
SHA1

8905ac8f4674b55fd41cd15fbf9965bad5041f8d
SHA256

41430a71d6847e8c25206b5101164baa53b098ca1ee9c8d71a33ceb09e672927
SHA512

6e77e4529745999175c4ad760d962264846a9947bb5964842d67b4483c9c4a2f0e6ed5d73b6e5df18a8db75cc103e024a361f7821c9c52968be09799d4e1dfe9
SSDEEP

12288:TJ3IU8S6eUdwCY/d/8EqXrfLLzsRqzORl3gQgN0LcvxJ0EwFVvoMYRHA:ThItSAdwCYFe0Ri6lQQgN0SxJnwEMuH

Score

10^/10

agenttesla zgrat collection keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

LAM CHUAN.exe

Resource

win7-20231130-en

agenttesla zgrat collection keylogger rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

LAM CHUAN.exe

Resource

win10v2004-20231130-en

agenttesla zgrat collection keylogger rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
NX@@OLDdollarDV8FW7
Email To:
[email protected]

Targets

- Target
  
  LAM CHUAN.exe
- Size
  
  573KB
- MD5
  
  b2d39ecdb67012426b8a8b7389a71aa8
- SHA1
  
  8905ac8f4674b55fd41cd15fbf9965bad5041f8d
- SHA256
  
  41430a71d6847e8c25206b5101164baa53b098ca1ee9c8d71a33ceb09e672927
- SHA512
  
  6e77e4529745999175c4ad760d962264846a9947bb5964842d67b4483c9c4a2f0e6ed5d73b6e5df18a8db75cc103e024a361f7821c9c52968be09799d4e1dfe9
- SSDEEP
  
  12288:TJ3IU8S6eUdwCY/d/8EqXrfLLzsRqzORl3gQgN0LcvxJ0EwFVvoMYRHA:ThItSAdwCYFe0Ri6lQQgN0SxJnwEMuH
Score

10^/10

agenttesla zgrat collection keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratcollectionkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratcollectionkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy