agenttesla | f0b7b3e5f75561c2bd0c418d49a78c796c832c11cf4aa374963a7ee7c76e5473 | Triage

Submit
Reports

Overview

overview

Static

static

3

SecuriteIn...32.exe

windows7-x64

SecuriteIn...32.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.11232.25498
Size

591KB
Sample

231212-pq9seaedh2
MD5

cc6d16e2ed21cf7c90de7ded2e202ed6
SHA1

7516b5a9c4d4b5f0a3bc6519f92f42bcee898559
SHA256

f0b7b3e5f75561c2bd0c418d49a78c796c832c11cf4aa374963a7ee7c76e5473
SHA512

0818390ad1a6733e731b80c74db8b98527c23bd0c939f678b908fa13005d98f9f2fdce3437ea7d5f4a71544d46e35472544a9025ca9e91f5426d649924550493
SSDEEP

12288:hEW+4WpAE9y7O90AfcX6Ce4YuGKKi2elAdi22tA1sxolp9r4qXD+:OpAEMWJDfelAd31sxoZ4q

Score

10^/10

agenttesla zgrat collection keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.11232.exe

Resource

win7-20231130-en

agenttesla zgrat collection keylogger rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.11232.exe

Resource

win10v2004-20231127-en

agenttesla zgrat collection keylogger rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
NX@@OLDdollarDV8FW7
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.11232.25498
- Size
  
  591KB
- MD5
  
  cc6d16e2ed21cf7c90de7ded2e202ed6
- SHA1
  
  7516b5a9c4d4b5f0a3bc6519f92f42bcee898559
- SHA256
  
  f0b7b3e5f75561c2bd0c418d49a78c796c832c11cf4aa374963a7ee7c76e5473
- SHA512
  
  0818390ad1a6733e731b80c74db8b98527c23bd0c939f678b908fa13005d98f9f2fdce3437ea7d5f4a71544d46e35472544a9025ca9e91f5426d649924550493
- SSDEEP
  
  12288:hEW+4WpAE9y7O90AfcX6Ce4YuGKKi2elAdi22tA1sxolp9r4qXD+:OpAEMWJDfelAd31sxoZ4q
Score

10^/10

agenttesla zgrat collection keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratcollectionkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratcollectionkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy