agenttesla | b3ee243fec9de264cfd5f0743552ffc89b1379236153d36b48d9d520620228ed | Triage

Submit
Reports

Overview

overview

Static

static

5

b3ee243fec...ed.exe

windows7-x64

b3ee243fec...ed.exe

windows10-2004-x64

Sharing

General

Target

b3ee243fec9de264cfd5f0743552ffc89b1379236153d36b48d9d520620228ed
Size

1.1MB
Sample

240425-d3v91aeg4s
MD5

623ee380ebde7c5c8f12d9847de16305
SHA1

caea83bfa0f2c44a5f4645dc1fb1642e57dca3f4
SHA256

b3ee243fec9de264cfd5f0743552ffc89b1379236153d36b48d9d520620228ed
SHA512

74ab2ce17e0536a21281647228d7cb5b79f67dbac56bb76652a3954b9dd291c9f6953b80d625acec21c5c1427255ab6046eae88ce5ac80cba64b6fe3768905ea
SSDEEP

24576:pAHnh+eWsN3skA4RV1Hom2KXMmHaOrw/kS0dI8+cLUkf5:wh+ZkldoPK8YaOukOcLr

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b3ee243fec9de264cfd5f0743552ffc89b1379236153d36b48d9d520620228ed.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b3ee243fec9de264cfd5f0743552ffc89b1379236153d36b48d9d520620228ed.exe

Resource

win10v2004-20240412-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b3ee243fec9de264cfd5f0743552ffc89b1379236153d36b48d9d520620228ed
- Size
  
  1.1MB
- MD5
  
  623ee380ebde7c5c8f12d9847de16305
- SHA1
  
  caea83bfa0f2c44a5f4645dc1fb1642e57dca3f4
- SHA256
  
  b3ee243fec9de264cfd5f0743552ffc89b1379236153d36b48d9d520620228ed
- SHA512
  
  74ab2ce17e0536a21281647228d7cb5b79f67dbac56bb76652a3954b9dd291c9f6953b80d625acec21c5c1427255ab6046eae88ce5ac80cba64b6fe3768905ea
- SSDEEP
  
  24576:pAHnh+eWsN3skA4RV1Hom2KXMmHaOrw/kS0dI8+cLUkf5:wh+ZkldoPK8YaOukOcLr
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy