agenttesla | 01e100cfdb783c2714ea21e39ae159358cc05f48409754643655baacbd115aca | Triage

Submit
Reports

Overview

overview

Static

static

5

6dd3fcee83...AS.exe

windows7-x64

6dd3fcee83...AS.exe

windows10-2004-x64

Sharing

General

Target

6dd3fcee83d72a307d0ca48f6da398b0_NEAS
Size

1.1MB
Sample

240507-fr76jadg29
MD5

6dd3fcee83d72a307d0ca48f6da398b0
SHA1

0976eb07bfed46cc79447a40129366ab4c77920c
SHA256

01e100cfdb783c2714ea21e39ae159358cc05f48409754643655baacbd115aca
SHA512

45da22c69eac60dbb36e8c41ba32bf3bc7098b26dda3455038c57716326dc70d9ce1d980949022ccc664c169e082ca586f19dbd138e1a4ab2357f08d99320a01
SSDEEP

24576:TqDEvCTbMWu7rQYlBQcBiT6rprG8a4ArikpaAEU8ie04/aaENU:TTvC/MTQYxsWR7aVmmaNU8fR1E

Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6dd3fcee83d72a307d0ca48f6da398b0_NEAS.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6dd3fcee83d72a307d0ca48f6da398b0_NEAS.exe

Resource

win10v2004-20240426-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6dd3fcee83d72a307d0ca48f6da398b0_NEAS
- Size
  
  1.1MB
- MD5
  
  6dd3fcee83d72a307d0ca48f6da398b0
- SHA1
  
  0976eb07bfed46cc79447a40129366ab4c77920c
- SHA256
  
  01e100cfdb783c2714ea21e39ae159358cc05f48409754643655baacbd115aca
- SHA512
  
  45da22c69eac60dbb36e8c41ba32bf3bc7098b26dda3455038c57716326dc70d9ce1d980949022ccc664c169e082ca586f19dbd138e1a4ab2357f08d99320a01
- SSDEEP
  
  24576:TqDEvCTbMWu7rQYlBQcBiT6rprG8a4ArikpaAEU8ie04/aaENU:TTvC/MTQYxsWR7aVmmaNU8fR1E
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

© 2018-2025

Terms | Privacy