agenttesla | 222370596f59183040772e971c9b262d1fa1aba5386b448e423c6cff2d23319a | Triage

Submit
Reports

Overview

overview

Static

static

7

x.exe

windows7-x64

x.exe

windows10-2004-x64

x.exe

windows11-21h2-x64

7

Sharing

General

Target

x.exe
Size

867KB
Sample

240328-k61r8ahb7w
MD5

2c520c9db37e16343941bbba36fc22ef
SHA1

b168bb726e9ec94166e60cc3d502843058ede5a4
SHA256

222370596f59183040772e971c9b262d1fa1aba5386b448e423c6cff2d23319a
SHA512

097379427ac91ccde3e7cf09223a8f6a9955c77c786d975e78aa7c5a5e693b92c172322ecc6c32dfc80e4ae2964c805f11ac0268afd95aa82921b296666d758a
SSDEEP

12288:Z6Wq4aaE6KwyF5L0Y2D1PqL/2p7v95HcYuHfWpKbyiJZUHKA4b5:vthEVaPqLOp7v954uMbyiJWHKAK5

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

x.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan upx

windows7-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

x.exe

Resource

win10v2004-20240319-en

agenttesla zgrat keylogger rat spyware stealer trojan upx

windows10-2004-x64

14 signatures

300 seconds

Behavioral task

behavioral3

Sample

x.exe

Resource

win11-20240221-en

windows11-21h2-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6811787827:AAEr4cj8xrQKX5i6BnPzE4vzpRaL4EziTo4/

Targets

- Target
  
  x.exe
- Size
  
  867KB
- MD5
  
  2c520c9db37e16343941bbba36fc22ef
- SHA1
  
  b168bb726e9ec94166e60cc3d502843058ede5a4
- SHA256
  
  222370596f59183040772e971c9b262d1fa1aba5386b448e423c6cff2d23319a
- SHA512
  
  097379427ac91ccde3e7cf09223a8f6a9955c77c786d975e78aa7c5a5e693b92c172322ecc6c32dfc80e4ae2964c805f11ac0268afd95aa82921b296666d758a
- SSDEEP
  
  12288:Z6Wq4aaE6KwyF5L0Y2D1PqL/2p7v95HcYuHfWpKbyiJZUHKA4b5:vthEVaPqLOp7v954uMbyiJWHKAK5
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojanupx

behavioral2

agentteslazgratkeyloggerratspywarestealertrojanupx

behavioral3

© 2018-2024

Terms | Privacy