agenttesla | f465787fcece594aab905f5b32772c2125fbaebc2dd0c27ab1117e2056648e0f | Triage

Submit
Reports

Overview

overview

Static

static

3

1f8a28e9ee...88.exe

windows7-x64

1f8a28e9ee...88.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

1f8a28e9eea19313c1d5453a4b292788
Size

497KB
Sample

231225-bkgb1shda9
MD5

1f8a28e9eea19313c1d5453a4b292788
SHA1

51e8b4e4f328bd95d05a783bc953d720d10ea3d1
SHA256

f465787fcece594aab905f5b32772c2125fbaebc2dd0c27ab1117e2056648e0f
SHA512

a455fcd1a516cde545bbd0e23651188c955f92673ccdb1106ea8c862f454af089746e7fc7712808ada591a2f575400b753caca018c82b956b20cef17850483a0
SSDEEP

6144:arDaY05qwyS6SmNMqt6snMU8Jj/QydRqB2imKOyI6jTvlyTQmocbx3NVvNJI2fr/:6IUFS6Smt7r2j/QxklEAEaVVJbLWe

Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f8a28e9eea19313c1d5453a4b292788.exe

Resource

win7-20231215-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f8a28e9eea19313c1d5453a4b292788.exe

Resource

win10v2004-20231215-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.jetport-aero.com
Port:
587
Username:
[email protected]
Password:
Niniola@456

Targets

- Target
  
  1f8a28e9eea19313c1d5453a4b292788
- Size
  
  497KB
- MD5
  
  1f8a28e9eea19313c1d5453a4b292788
- SHA1
  
  51e8b4e4f328bd95d05a783bc953d720d10ea3d1
- SHA256
  
  f465787fcece594aab905f5b32772c2125fbaebc2dd0c27ab1117e2056648e0f
- SHA512
  
  a455fcd1a516cde545bbd0e23651188c955f92673ccdb1106ea8c862f454af089746e7fc7712808ada591a2f575400b753caca018c82b956b20cef17850483a0
- SSDEEP
  
  6144:arDaY05qwyS6SmNMqt6snMU8Jj/QydRqB2imKOyI6jTvlyTQmocbx3NVvNJI2fr/:6IUFS6Smt7r2j/QxklEAEaVVJbLWe
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- Modifies WinLogon for persistence
  persistence
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy