agenttesla | aba1d2b9affe1a3724cea3a4aab81c04bbb004e1be5e11a9918a0b139fcb7fca | Triage

Submit
Reports

Overview

overview

Static

static

5

MK_Order_3...df.exe

windows7-x64

MK_Order_3...df.exe

windows10-2004-x64

Sharing

General

Target

aba1d2b9affe1a3724cea3a4aab81c04bbb004e1be5e11a9918a0b139fcb7fca
Size

795KB
Sample

240330-bthansdh9z
MD5

386d259e67808056e47cbaf9728c710e
SHA1

5448ee33fbf22c897b7c8b45314e2ddf21a8c6cf
SHA256

aba1d2b9affe1a3724cea3a4aab81c04bbb004e1be5e11a9918a0b139fcb7fca
SHA512

9ddb7f36f654a37b3573f2eeefab67e77dc3b7cb4c04fa6f1e41bd19b8ffcf81ef3335a6442bdaf2c6f2667b25d41ff96596edec4794a1f29913b6c1f985adc0
SSDEEP

24576:LVrAo1XVI/JnYSvqY1wVYSdeoRhKESa78K:LVrlIx/Juu6Qa78K

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

MK_Order_30387_pdf.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

MK_Order_30387_pdf.exe

Resource

win10v2004-20240226-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  MK_Order_30387_pdf.exe
- Size
  
  1.2MB
- MD5
  
  1b453ca9236f5b70f3c7c255eba1c45a
- SHA1
  
  9e66fb5257155f5b44d8b8f24ab377b0f47aaba8
- SHA256
  
  3fb4903b9429a85b65f816eb8f90a3ae01eb38eef3ebb5f622587af468173d1a
- SHA512
  
  eacb7952a901b5fde0f0e6f0ba46b2313d0e13d63fab4fee57115c4c6dd476e7bcbeb0f96f24d2795a4624001c4e562730985dac8d4befc3ed88c997053434d6
- SSDEEP
  
  24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8a55MZisxzKqoa+:oTvC/MTQYxsWR7a55Cua
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy