General

  • Target

    d7cf5471f4c3d44991cfc1bc4f585c3d9ceeadd029d03c009d00635674dac3c4

  • Size

    1.2MB

  • Sample

    240329-bpbx4aec55

  • MD5

    797de0a2f3961f15fab9df46d8cd3b9f

  • SHA1

    09db4759342f0b94ebe3fb23475c7be2e92958fe

  • SHA256

    d7cf5471f4c3d44991cfc1bc4f585c3d9ceeadd029d03c009d00635674dac3c4

  • SHA512

    4124fec422ce48fb9d3695e1752a9d44a60c1464a7c30bb3e659221bd6e9728e16815ebed646768bb39ce6d933495e8348f24985237c173c3e450fd75858125a

  • SSDEEP

    24576:/RmJkcoQricOIQxiZY1WNsQp7v954uMbyiJWHKAK5:UJZoQrbTFZY1WNsQ99quMbyfqx

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6811787827:AAEr4cj8xrQKX5i6BnPzE4vzpRaL4EziTo4/

Targets

    • Target

      d7cf5471f4c3d44991cfc1bc4f585c3d9ceeadd029d03c009d00635674dac3c4

    • Size

      1.2MB

    • MD5

      797de0a2f3961f15fab9df46d8cd3b9f

    • SHA1

      09db4759342f0b94ebe3fb23475c7be2e92958fe

    • SHA256

      d7cf5471f4c3d44991cfc1bc4f585c3d9ceeadd029d03c009d00635674dac3c4

    • SHA512

      4124fec422ce48fb9d3695e1752a9d44a60c1464a7c30bb3e659221bd6e9728e16815ebed646768bb39ce6d933495e8348f24985237c173c3e450fd75858125a

    • SSDEEP

      24576:/RmJkcoQricOIQxiZY1WNsQp7v954uMbyiJWHKAK5:UJZoQrbTFZY1WNsQ99quMbyfqx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks