agenttesla | 206e47751e77f15c70870e3ca493ee455be747be1050ae8ae53c37372a5dff44 | Triage

Submit
Reports

Overview

overview

Static

static

3

NN $$.exe

windows7-x64

NN $$.exe

windows10-2004-x64

Sharing

General

Target

206e47751e77f15c70870e3ca493ee455be747be1050ae8ae53c37372a5dff44
Size

610KB
Sample

231213-cclgfafhc7
MD5

90c364866cad1fe5ab5057bafd4537f1
SHA1

75073e7dc1759b65bb7a455551ce2ab9f9f684f7
SHA256

206e47751e77f15c70870e3ca493ee455be747be1050ae8ae53c37372a5dff44
SHA512

e72b713094696abb8a93177043f0ac0b7603e9bde76c152cd10e41fcc2c879ad86bf0360276e28a652d7bc1234b197c32fd10672b8b1f08a2416db059901baac
SSDEEP

12288:/M7/RIfwZp8BFIQIeyxVfAArEYmO1sTsRjSBgnvRg99o6NDuk2y3Jqqsh3Yj:Y/Gfk6FI1jzAye4esxfvRg995NS23Yh4

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NN $$.exe

Resource

win7-20231025-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NN $$.exe

Resource

win10v2004-20231127-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.helikhodro.com
Port:
587
Username:
[email protected]
Password:
@Ii9121070423
Email To:
[email protected]

Targets

- Target
  
  NN $$.exe
- Size
  
  884KB
- MD5
  
  f6953ef972f68aa5ddf83fb22694885d
- SHA1
  
  ef1c44e51d2e11c27b09f5b86ad1cc296b3391a0
- SHA256
  
  355dd2c151a8acc04968060f9a92ddfe6d35839b63cae0a5e4f275ed7b5af945
- SHA512
  
  7f663fee4fa5f8893c7fd857315aaac2d9cc2d63c19db9cfdbfa77aa4ad2411e3cd593d019f05ce4e1ffd27a505e02abb64a2b43de7b2edfddace6794ce16a3e
- SSDEEP
  
  12288:VyVt2vuIQIeyxVfgArI7C2uQ1qEyIFPRj74tXg/i9Duk2y377rQwJXP:VIt2vuI1jzgJYmfy0xqXg69S23nkwf
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy