agenttesla

General

Target

68f921d55e5ebbc383106e2de957dfd3a9db76117d8baeaf60d824954e4c3dd4.exe
Size

687KB
Sample

240320-csr9xsed83
MD5

e78c1dbf5a60565752827b9da8be8f7c
SHA1

4a12a76c1156ba36a5ba6c71d861d9fb6d67b625
SHA256

68f921d55e5ebbc383106e2de957dfd3a9db76117d8baeaf60d824954e4c3dd4
SHA512

83e1c643808598d18ab70b46322c6809f4c08bbe2ad2459674bb5c0d48ecc42251ccda9b2b169be576299c2598633fdd8c07b54c4f7cfccb087be9c72af6ffca
SSDEEP

12288:MYV6MorX7qzuC3QHO9FQVHPF51jgcSpMQQpDkzgsp6YTzV+nvZSDaK4Tc0jNu:rBXu9HGaVHS2JDHY8vwaK4TNc

Score

10^/10

Malware Config

Targets

- Target
  
  68f921d55e5ebbc383106e2de957dfd3a9db76117d8baeaf60d824954e4c3dd4.exe
- Size
  
  687KB
- MD5
  
  e78c1dbf5a60565752827b9da8be8f7c
- SHA1
  
  4a12a76c1156ba36a5ba6c71d861d9fb6d67b625
- SHA256
  
  68f921d55e5ebbc383106e2de957dfd3a9db76117d8baeaf60d824954e4c3dd4
- SHA512
  
  83e1c643808598d18ab70b46322c6809f4c08bbe2ad2459674bb5c0d48ecc42251ccda9b2b169be576299c2598633fdd8c07b54c4f7cfccb087be9c72af6ffca
- SSDEEP
  
  12288:MYV6MorX7qzuC3QHO9FQVHPF51jgcSpMQQpDkzgsp6YTzV+nvZSDaK4Tc0jNu:rBXu9HGaVHS2JDHY8vwaK4TNc
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

ZGRat

Detect packed .NET executables. Mostly AgentTeslaV4.

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables referencing Windows vault credential objects. Observed in infostealers

Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

Detects executables referencing many email and collaboration clients. Observed in information stealers

Detects executables referencing many file transfer clients. Observed in information stealers

UPX dump on OEP (original entry point)

UPX packed file

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2