General

  • Target

    68ff3778004f961d30e588f8f7c66bb3b674474657d8557fac42bf90457d0909

  • Size

    1.1MB

  • Sample

    240508-csf7nadf6s

  • MD5

    2a2ea0683e9788d9f2c18e212b0444a2

  • SHA1

    d043d37dde58ad99013d565ebd64d235b8792474

  • SHA256

    68ff3778004f961d30e588f8f7c66bb3b674474657d8557fac42bf90457d0909

  • SHA512

    ab9d8d9e38f61e4e101e318bebd30c4804231a83a2236ad1805be263b11b9fc85ba42d436c1bc2e2d6cf6c2a8f944c1929f490c9b6455bb63cb0f0b38ea7e437

  • SSDEEP

    24576:54lavt0LkLL9IMixoEgea46xFxj4L0ynPLCGL+q9MmCS:Ikwkn9IMHea46hgPQaPCS

Malware Config

Targets

    • Target

      68ff3778004f961d30e588f8f7c66bb3b674474657d8557fac42bf90457d0909

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks