agenttesla | 63feb24efd7c0d4a1e9b69639187b396e0b61e1338ebf5682102295930dbd2aa | Triage

Submit
Reports

Overview

overview

Static

static

5

Zahlung.exe

windows7-x64

Zahlung.exe

windows10-2004-x64

Sharing

General

Target

07052024_1245_06052024_Zahlung.rar
Size

628KB
Sample

240507-pza1faah59
MD5

281a3130b5007efb73c62903bd019a79
SHA1

9137a32c3fada218a57fd6d0b10b7369a97bc581
SHA256

63feb24efd7c0d4a1e9b69639187b396e0b61e1338ebf5682102295930dbd2aa
SHA512

d6d6eb57f18767a3a6ffbaf8f0c537a49e27278855e390dffb1dc78831920fbd09a65a4064a36775bb35729b0903ab38d2af686bf1a23a513255ce4d895f3a43
SSDEEP

12288:KRMHcP9RbbxyyeSHpiqeyhj9/GbUaVA0JyEcEC044ow3vkQzA6ZTwFK/:EMHIRb7sqlj9/CV+EcEDhr3cQk612K/

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Zahlung.exe

Resource

win7-20240215-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Zahlung.exe

Resource

win10v2004-20240419-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Zahlung.exe
- Size
  
  1.1MB
- MD5
  
  2c8875f8ec188a3a1d0bb9ef4ff31af7
- SHA1
  
  12b009dceb42263b84f686a03553756c59b146a8
- SHA256
  
  102c02a1c8b18891a74d4240cbc6673f2771de86a31c0927c21040676d8c5436
- SHA512
  
  8f28a15486ef04a8f8a1143148ba1fe084527020c594246a65ef9d6d339b796f2973c954075b3f4a4325b98f475b1c6b534816502cd28a45c6aae19e9cc3f1a3
- SSDEEP
  
  24576:54lavt0LkLL9IMixoEgeaqiaMx5ZdELwWZxMq9MmCS:Ikwkn9IMHeaqiSiaPCS
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy