agenttesla | a34b217c6e4078530bb472f224c8f1ee7041ab0575a298e2b9eafe14bb889fd8 | Triage

Submit
Reports

Overview

overview

Static

static

5

Flexsense ...5 .exe

windows7-x64

Flexsense ...5 .exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Flexsense Sip. GRS024000000713 BSG 40-700-135 PDF.bz2
Size

660KB
Sample

240424-q7gnmabb2z
MD5

4f85f8c03d8612082ee04b10ba5add2c
SHA1

ee440d9ab6be5d3df342a5cd5b3e92f170850b43
SHA256

a34b217c6e4078530bb472f224c8f1ee7041ab0575a298e2b9eafe14bb889fd8
SHA512

c6f8933881a0012461f7d40563d3b9fa3a05d4dd6b76d527bbfaf679d9ca577f7e44fa42f31401146e5eb7df989b7d15fc2bda16de9aea9e855a0960dcd000a2
SSDEEP

12288:6YfviVMTCffgfLAI/ViWrGYghxOHg+zjQl5j8WN9+zPx3Yy7G:6Wu8CfgLttiiG/HnH8W+DXC

Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Flexsense Sip. GRS024000000713 BSG 40-700-135 .exe

Resource

win7-20240215-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Flexsense Sip. GRS024000000713 BSG 40-700-135 .exe

Resource

win10v2004-20240412-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Flexsense Sip. GRS024000000713 BSG 40-700-135 .exe
- Size
  
  1.1MB
- MD5
  
  48a36bd787c0f37b6dee121a52c1029e
- SHA1
  
  dbfbe457dfcb24f5930cece2d0d6632135760db9
- SHA256
  
  d45e2d0c57b3e3da8e0f740c8e57d1483f90e62251a8f2c97b4ebfbfa6a6f92e
- SHA512
  
  976e60e841d87c5b1ae05a80d4c1f8fc58a568baca03d71bcac86cc6a19d5b5e0c902a31aa368acd7711c62d508e3aa48518f7f9113bf9c4e0e1f62e2a81cb94
- SSDEEP
  
  24576:bqDEvCTbMWu7rQYlBQcBiT6rprG8aArxxoy1/4/W5NU:bTvC/MTQYxsWR7aArG+5
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

© 2018-2025

Terms | Privacy