agenttesla

General

Target

f00366118644288d4246d7e4858744c401d6938e5dd4ddb7a9af134e90b19bb0
Size

590KB
Sample

231213-bqsl8sebar
MD5

a46707e1b842734539f968e048359d70
SHA1

5893aaf2d9aa3b557e9883922c7cacf15fbb37fb
SHA256

f00366118644288d4246d7e4858744c401d6938e5dd4ddb7a9af134e90b19bb0
SHA512

a47a690b720f25e21ad098789816a4da5ca8c1866df447936d46fed0c22cd9ca9ffe0e619f42c8b830461214f233651abcd0e7ff7467639d026be98e70e7b150
SSDEEP

12288:qYdl+4WpAE/yemGbkdaISYSc7LGqQJlqrLMSVPpQ6kEhoaCgr+:wpAEzdogl9aGqOc3PK6jH

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
7ace90qwerty
Email To:
[email protected]

Targets

- Target
  
  f00366118644288d4246d7e4858744c401d6938e5dd4ddb7a9af134e90b19bb0
- Size
  
  590KB
- MD5
  
  a46707e1b842734539f968e048359d70
- SHA1
  
  5893aaf2d9aa3b557e9883922c7cacf15fbb37fb
- SHA256
  
  f00366118644288d4246d7e4858744c401d6938e5dd4ddb7a9af134e90b19bb0
- SHA512
  
  a47a690b720f25e21ad098789816a4da5ca8c1866df447936d46fed0c22cd9ca9ffe0e619f42c8b830461214f233651abcd0e7ff7467639d026be98e70e7b150
- SSDEEP
  
  12288:qYdl+4WpAE/yemGbkdaISYSc7LGqQJlqrLMSVPpQ6kEhoaCgr+:wpAEzdogl9aGqOc3PK6jH
Score

10^/10

agenttesla zgrat collection keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2