agenttesla | 1629bb38d859e5aff74e1f6831041d2d1d100924551a82f06f2d5ce678a388ad | Triage

Submit
Reports

Overview

overview

Static

static

5

1629bb38d8...ad.exe

windows7-x64

1629bb38d8...ad.exe

windows10-2004-x64

Sharing

General

Target

1629bb38d859e5aff74e1f6831041d2d1d100924551a82f06f2d5ce678a388ad
Size

1.1MB
Sample

240508-pkxwnacc6y
MD5

7d2d11b3e1a30782525d39237cb09c75
SHA1

fe2db301a7a8ba1129ed85b0a021698756d7a7de
SHA256

1629bb38d859e5aff74e1f6831041d2d1d100924551a82f06f2d5ce678a388ad
SHA512

1f3f4072b32a3ef2f21f68490a5c2d5df5115ef296ed7c1ebb0ecc6e97d4d14b806b86adeb116f45a0925a1cd62e4c1373e7c71cc27a40e145465bf801870ec4
SSDEEP

24576:TqDEvCTbMWu7rQYlBQcBiT6rprG8a3crT9HRh2NB:TTvC/MTQYxsWR7a3K9xh2

Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1629bb38d859e5aff74e1f6831041d2d1d100924551a82f06f2d5ce678a388ad.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1629bb38d859e5aff74e1f6831041d2d1d100924551a82f06f2d5ce678a388ad.exe

Resource

win10v2004-20240226-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  1629bb38d859e5aff74e1f6831041d2d1d100924551a82f06f2d5ce678a388ad
- Size
  
  1.1MB
- MD5
  
  7d2d11b3e1a30782525d39237cb09c75
- SHA1
  
  fe2db301a7a8ba1129ed85b0a021698756d7a7de
- SHA256
  
  1629bb38d859e5aff74e1f6831041d2d1d100924551a82f06f2d5ce678a388ad
- SHA512
  
  1f3f4072b32a3ef2f21f68490a5c2d5df5115ef296ed7c1ebb0ecc6e97d4d14b806b86adeb116f45a0925a1cd62e4c1373e7c71cc27a40e145465bf801870ec4
- SSDEEP
  
  24576:TqDEvCTbMWu7rQYlBQcBiT6rprG8a3crT9HRh2NB:TTvC/MTQYxsWR7a3K9xh2
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

© 2018-2025

Terms | Privacy