agenttesla | a690fdba2fd0bb532f8556e97759dea39eb2c5b2696720be6119f372b1b65730 | Triage

Submit
Reports

Overview

overview

Static

static

1

a690fdba2f...30.exe

windows7-x64

a690fdba2f...30.exe

windows10-2004-x64

7

Sharing

General

Target

a690fdba2fd0bb532f8556e97759dea39eb2c5b2696720be6119f372b1b65730
Size

719KB
Sample

240427-b4q1kahd2v
MD5

e0d1ff659ed5cb5e88c0135f73c99294
SHA1

851fef711518b2289d22b1d3649372bdbcbd65ed
SHA256

a690fdba2fd0bb532f8556e97759dea39eb2c5b2696720be6119f372b1b65730
SHA512

d36c01d9e8efec6b07d5d84795488ff5e37fec6be80b40d8a6ab3c82a681adbcf9eadb80ec55315fa8de2a091dec8e5f96a95d3aa5049ab93abb7292deb72d09
SSDEEP

12288:7dgAGe/bZefE7bTD0JYRXRhxP5ej441r+rqsYlqAaRKLycOM9uGf1laGQg/381hX:7tB/cfcTRXRXx4lMq6eWcO0N3/W5p/7V

Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a690fdba2fd0bb532f8556e97759dea39eb2c5b2696720be6119f372b1b65730.exe

Resource

win7-20240215-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a690fdba2fd0bb532f8556e97759dea39eb2c5b2696720be6119f372b1b65730.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.strato.de
Port:
587
Username:
[email protected]
Password:
Oy1)8JSu_qPx(rzV_{Xu

Targets

- Target
  
  a690fdba2fd0bb532f8556e97759dea39eb2c5b2696720be6119f372b1b65730
- Size
  
  719KB
- MD5
  
  e0d1ff659ed5cb5e88c0135f73c99294
- SHA1
  
  851fef711518b2289d22b1d3649372bdbcbd65ed
- SHA256
  
  a690fdba2fd0bb532f8556e97759dea39eb2c5b2696720be6119f372b1b65730
- SHA512
  
  d36c01d9e8efec6b07d5d84795488ff5e37fec6be80b40d8a6ab3c82a681adbcf9eadb80ec55315fa8de2a091dec8e5f96a95d3aa5049ab93abb7292deb72d09
- SSDEEP
  
  12288:7dgAGe/bZefE7bTD0JYRXRhxP5ej441r+rqsYlqAaRKLycOM9uGf1laGQg/381hX:7tB/cfcTRXRXx4lMq6eWcO0N3/W5p/7V
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy