agenttesla | f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550 | Triage

Submit
Reports

Overview

overview

Static

static

3

f96e4bc426...50.exe

windows7-x64

f96e4bc426...50.exe

windows10-2004-x64

Sharing

General

Target

f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550
Size

647KB
Sample

231213-clm2magaf4
MD5

0ce516b074c9ba37924e70026d79f71b
SHA1

ef18a0df0fe4263f89e2dd9f1dd831e0cef97da5
SHA256

f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550
SHA512

7a270449a49ada4b55d943cc774ae9f7801e9ff9a556bc40d66832a315f9d94d6c2c58ae6558afa46229640719e7c0e57549cc7dfcb0f2d23e7c4875d39589c2
SSDEEP

12288:ej3IU8S6eUddWAViG+nKGYfm25jKzvIWyFODy66KiP7R0q:eTItSAddWAR+nKGYdx/Wyo6Kan

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550.exe

Resource

win7-20231023-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550.exe

Resource

win10v2004-20231127-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.tecnosilos.com.py
Port:
587
Username:
[email protected]
Password:
dX,@;SPvm;h{
Email To:
[email protected]

Targets

- Target
  
  f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550
- Size
  
  647KB
- MD5
  
  0ce516b074c9ba37924e70026d79f71b
- SHA1
  
  ef18a0df0fe4263f89e2dd9f1dd831e0cef97da5
- SHA256
  
  f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550
- SHA512
  
  7a270449a49ada4b55d943cc774ae9f7801e9ff9a556bc40d66832a315f9d94d6c2c58ae6558afa46229640719e7c0e57549cc7dfcb0f2d23e7c4875d39589c2
- SSDEEP
  
  12288:ej3IU8S6eUddWAViG+nKGYfm25jKzvIWyFODy66KiP7R0q:eTItSAddWAR+nKGYdx/Wyo6Kan
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy