agenttesla | 2b4c8c83b52e7ecd5bf9f36fb8928c106192492122c3c558c86fd39b178d7c79 | Triage

Submit
Reports

Overview

overview

Static

static

7

RFQ PHASE ...IN.exe

windows7-x64

RFQ PHASE ...IN.exe

windows10-2004-x64

Sharing

General

Target

28032024_1024_RFQ PHASE III PROJECT DESIGN & BUILD FISH NURSERY & HATCHERY FACILITIES AT VARIOUS FISH STATIONS IN ABU AL ABYAD ISLAND, AL DHAFRAH, U.A.E GAS PIPELINE EXPANSION PROJECTS.rar
Size

720KB
Sample

240328-cv5b9sdb2s
MD5

aac7196d59f094bd93d0d3c15403c012
SHA1

56a8e8fb3d9ee0cf4674a5478e9dceaa82f8f0ab
SHA256

2b4c8c83b52e7ecd5bf9f36fb8928c106192492122c3c558c86fd39b178d7c79
SHA512

c412dabcc52ff18f7919a962917a642d54718d3289b8b1e55fbde1f1741a023a0892094b9a164cb3ee3fcf41432df54b28231b992b54ffc170c0039cd45b2380
SSDEEP

12288:9aRM/516TJrgKTlfu/K0fzGMiFrzMbMGzv+Ix7/sKGTYvwpWS67fD5j7e7:9aCB1AcYfR00zMA2vlx7pAZUS67fD5jO

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

RFQ PHASE III PROJECT DESIGN & BUILD FISH NURSERY & HATCHERY FACILITIES AT VARIOUS FISH STATIONS IN.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQ PHASE III PROJECT DESIGN & BUILD FISH NURSERY & HATCHERY FACILITIES AT VARIOUS FISH STATIONS IN.exe

Resource

win10v2004-20240226-en

agenttesla zgrat keylogger rat spyware stealer trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6790148599:AAEhI5l0I1K9eLmuDfyg3l20optJGeU2krM/

Targets

- Target
  
  RFQ PHASE III PROJECT DESIGN & BUILD FISH NURSERY & HATCHERY FACILITIES AT VARIOUS FISH STATIONS IN ABU AL ABYAD ISLAND, AL DHAFRAH, U.A.E GAS PIPELINE EXPANSION PROJECTS.exe
- Size
  
  988KB
- MD5
  
  c70862d7512c8d754272dd9a2ecb1597
- SHA1
  
  9682502eed10e4c072d9628502ed69eaa79365b6
- SHA256
  
  eb60e1e6567f7187898075207042fd61ebc8bc3cc5c9063f339a144454841164
- SHA512
  
  055210c14bb63c9055390a83a44027dcf28b69a73a052a43fa0bcc72703a24b0ef2d3bc8152d28f19b78b2d6db4023c8cad450790981934050a2a1f3d5cedb26
- SSDEEP
  
  12288:0sHzOUNUSB/o5LsI1uwajJ5yvv1l2Ud7Z8xjErfPFGQiX/MVnDkWWnk:XiUmSB/o5d1ubcv/wxATFGQvFg/k
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojanupx

behavioral2

agentteslazgratkeyloggerratspywarestealertrojanupx

© 2018-2024

Terms | Privacy