General

  • Target

    94caec1ea3b33466b23e3a3fe5c169d78f2889eadb2f9fe0205429f160be30a4

  • Size

    769KB

  • Sample

    240126-bdv7labaf9

  • MD5

    e9824dd3b7e57908383736923e665cf1

  • SHA1

    17907ae700e1202dba17983ea24899c98ffa536f

  • SHA256

    94caec1ea3b33466b23e3a3fe5c169d78f2889eadb2f9fe0205429f160be30a4

  • SHA512

    42516cc42ab3fc135e73437ae80286d4d224c453ce6a91ef2086b97d3c6627df25194ea58011d205739edcb12e22a9b6b1b5636570d57731b46c5da9ebadb491

  • SSDEEP

    12288:FaitcvIeZ5D2KZfA68QZ4RS1R04sz/57oR12V3d7iO+kLEFAWP5S7opli:FDtHmDLA68QZ4RSn0rL57e4R2kOkspQ

Malware Config

Targets

    • Target

      roc8899076654hyter.exe

    • Size

      1.3MB

    • MD5

      0e29a8356fc439c51c89f38bf1d87a07

    • SHA1

      462c0714032110552b1fe6b6dff71654d3e8f372

    • SHA256

      a07958f2f727b446e9fece662ba415f8260602dac7be53dd3a63b822290dcfd7

    • SHA512

      db5e0556a8aa978526877a623e7f4beb05acd736ab42bf0a9277b793a1c6073f078e48c8fc5fd5c8163562569a314454756cffafde8b739c81fcb6959dac57fb

    • SSDEEP

      24576:LAHnh+eWsN3skA4RV1Hom2KXMmHa7rT2kIYopUa5:mh+ZkldoPK8Ya7rxjq

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks