agenttesla | ca4f5accc0736c9c52e789f2886a9a59bfaf8bf262f20d3878fa13efd61c813d | Triage

Submit
Reports

Overview

overview

Static

static

5

ghanaboi.exe

windows7-x64

ghanaboi.exe

windows10-2004-x64

Sharing

General

Target

ca4f5accc0736c9c52e789f2886a9a59bfaf8bf262f20d3878fa13efd61c813d
Size

732KB
Sample

240509-bnl2nscg95
MD5

b54240fde75c9bb2eb53bfb084a2faef
SHA1

44d2dbdef065bfd57bf17ac77476ea3dd813ec42
SHA256

ca4f5accc0736c9c52e789f2886a9a59bfaf8bf262f20d3878fa13efd61c813d
SHA512

ab027a27ca903a101548146de27e258620cf100be718bfa6066079910486b77f7e62e5c912b6614ad75401552c5e00c06dcd013fe432fbd6fcba8bd63de27a32
SSDEEP

12288:aaQTvDn9COmhaMdrFBuYFKsQ5LuQt0rEs1L/5z5/uxZfuJHZsf+1eHhzlH8uS+6p:aaCvD9M1rFBfFAhv0nh5ly1ujNwhceGz

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ghanaboi.exe

Resource

win7-20240215-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ghanaboi.exe

Resource

win10v2004-20240426-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  ghanaboi.exe
- Size
  
  1.1MB
- MD5
  
  379aa8fa30e23db3020c74118d2e413a
- SHA1
  
  c958bf38eace61a6dbfd01c44bc2f9e873fd7483
- SHA256
  
  8cc809668c3d157bc21a6a61130f1249100029876cfe4295c5ef0ef1f738e6af
- SHA512
  
  69fabea1d3c08c268b6c4f923336cd4100c6c2a6d372aa941d35bd4fc3adcf17c36c4cd65b598e5b5ca5cb2ed497b7e19f89fca7ed4ccd3e5dc373a84dc918c6
- SSDEEP
  
  24576:dqDEvCTbMWu7rQYlBQcBiT6rprG8aaNT1upDaLI6kN3:dTvC/MTQYxsWR7aaNTyD8i
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy