agenttesla

General

Target

520ebc15e7c85272d5d818794258d08823ca07cce7df0df9b202a35660264e38
Size

621KB
Sample

231212-p82vhsdcdm
MD5

3f8ff61902aa9e059b4559a9a3152a02
SHA1

4ffcb4d369446adeb817a1f507ecae29c27f705f
SHA256

520ebc15e7c85272d5d818794258d08823ca07cce7df0df9b202a35660264e38
SHA512

7bd6fa7155f8f0d05deaf63269980ea4967bfc499137e729d3436fecff572d95bd0487d1ea7ad283e5fac2ec958aac77ccf27ef339456f4f28727a1aeadeb1d1
SSDEEP

12288:/7De9M/K7Kg1uvF0kOmp9Q97abafw3VYSWawZc+N5jdn87mXDaQ:mCcKg1uv2k/a9wwwKSWagrH

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1181759713713602600/iHsQ6OYa_KMNpOIA7OYiDu7j9BWVVvJ0gcEWr8VRve7tDH1TR5LRILIK1jr1NG5T-29a

Targets

- Target
  
  Purchase Enquiry-Y97STVZCPZC12AQ-03315904351-pdf.exe
- Size
  
  668KB
- MD5
  
  9119bc707a33a35acdaf7b200c333114
- SHA1
  
  6e61a99702917a3a0a81ba7533955c08e2b62904
- SHA256
  
  df7306e9804b036951292e2a2475f14ac6a14294ddd7d17df9f0442e4a8e28c7
- SHA512
  
  034c30c5ea354c6d1b8cc37efca124af157345e7f6d2f48a01d7aa54e9e27d113b2b8b248fa139fc28694c9ae348ba1f053dda5b125f19fc314e6accd532aed8
- SSDEEP
  
  12288:13Vz+4WpAEry7469rISXDopXuGPU5XULMpVN8+iLdYhGgQV+2hp8LU2Wwg+:4pAE3697XDQvGULMp3kLdYhvQVTpq
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2