agenttesla

General

Target

6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950
Size

47KB
Sample

240426-ctxwsshc5x
MD5

46be9c50445080232ef8212d55d93360
SHA1

9e5f529a03375ccc8f55cb2ee7f5ed679ae79242
SHA256

6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950
SHA512

2316ef5819e534af19a7a308e543a4bb53239ffd2a56394bf7512b0ac36ec3f207e9917d75947f422a3e4f9a1a755e5cc9f22998e981f63cf6049b42aa58f730
SSDEEP

768:4zMktxthaDNwYRvweCkJdsblgTEdIHPIDwkPrFGSCvfIHOJUUTJf9oRpBGBbV6Vn:4zMktxth6qYdelIEdIv4PxGrUKUuJlQ1

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.wassadadvogados.com.br
Port:
587
Username:
majicboyyy@wassadadvogados.com.br
Password:
TkuGA;DYH+It

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.wassadadvogados.com.br
Port:
587
Username:
majicboyyy@wassadadvogados.com.br
Password:
TkuGA;DYH+It
Email To:
majicman@afprofiters.com

Targets

- Target
  
  6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950
- Size
  
  47KB
- MD5
  
  46be9c50445080232ef8212d55d93360
- SHA1
  
  9e5f529a03375ccc8f55cb2ee7f5ed679ae79242
- SHA256
  
  6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950
- SHA512
  
  2316ef5819e534af19a7a308e543a4bb53239ffd2a56394bf7512b0ac36ec3f207e9917d75947f422a3e4f9a1a755e5cc9f22998e981f63cf6049b42aa58f730
- SSDEEP
  
  768:4zMktxthaDNwYRvweCkJdsblgTEdIHPIDwkPrFGSCvfIHOJUUTJf9oRpBGBbV6Vn:4zMktxth6qYdelIEdIv4PxGrUKUuJlQ1
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2