agenttesla | 3d0ab865ff33e19b38320e946e9179a31d1f1748be40c986a5bb3c92111ba273 | Triage

Submit
Reports

Overview

overview

Static

static

5

rock9980jjfur.exe

windows7-x64

rock9980jjfur.exe

windows10-2004-x64

Sharing

General

Target

3d0ab865ff33e19b38320e946e9179a31d1f1748be40c986a5bb3c92111ba273
Size

715KB
Sample

240229-btkqssac84
MD5

ed2604068752b07fee25e0cf9a4a77d1
SHA1

8bdf39b2e81d997dcd45bf570d1bd11a288e0f71
SHA256

3d0ab865ff33e19b38320e946e9179a31d1f1748be40c986a5bb3c92111ba273
SHA512

fd2934332452a39a764febd11df1362cd91df9fdd95cf8fd109c4fa4a49184aed15444aafcb1724843a7bc92d3048099d11267cb42cb1b5e04ff40c702e57a56
SSDEEP

12288:pY7drh3XcN3AFjXM6i1LIIVf9KNz6lmetYz1C7ergdPMpfJxNITDAJFZOKvjc:pY9taLIfN2lDaz46zfP6AJPc

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

rock9980jjfur.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

rock9980jjfur.exe

Resource

win10v2004-20240226-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  rock9980jjfur.exe
- Size
  
  1.1MB
- MD5
  
  3a4cf3e0afc19c30d0192f8b5141d76d
- SHA1
  
  b2a966b36f800565ba82f827917310fb127a9969
- SHA256
  
  041a39cb5700e4016b93e3e42efd80d3042adf5ecd96e4aa8b25635dd87df221
- SHA512
  
  6fe562840c94d9321f29d510e197f9c7cf2da94fbb2f3b013a70eb0d8b7b35074076ee595f29f1fe20d22fb6cf14e8e9b65e53870b5929a8c18a1e92cee49588
- SSDEEP
  
  24576:atb20pkaCqT5TBWgNQ7agT6bTngAJOa6A:HVg5tQ7ag48AJN5
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy