General

  • Target

    1037f60abc351ce0f60f685b20e9f709ade988f221d488a6466008eee0cf08c9

  • Size

    767KB

  • Sample

    240509-bzpxpsdf79

  • MD5

    78eb23a7758eab6d9a0a201662ffd392

  • SHA1

    ca1229006ce4c77a717c76b1f743099bd10b914e

  • SHA256

    1037f60abc351ce0f60f685b20e9f709ade988f221d488a6466008eee0cf08c9

  • SHA512

    ce5b67e602220f176a7862cbcedd699eceb6af1d24e7415239ba1dd4a790d62b942bdba64ef6c15a83b862da0eee1000a042bd04388b793ae3d1a3453f897e61

  • SSDEEP

    12288:3VrDNzNooy/+6Q97fX5LUTQH0OYqTOsiE7Vrq9UIRAQICCMaWJjfyIJX:3VrpzyQVRHHNYYiGV3sBfz9pKiX

Malware Config

Targets

    • Target

      PI 09007.exe

    • Size

      1.2MB

    • MD5

      488b62ebafa8cf690c5bbc6654b90371

    • SHA1

      f823d4862173d5e9f8745a31bc6620839126e6bb

    • SHA256

      d30a0a4160b520aa94e2aacbc0f016d1f31a3168130b5d83c0ed3356eff4439b

    • SHA512

      20f05e5de74cfe36a6d7ffc6903ed29f25f29c606e90c1d8e98f0a3e0cdc2f4e78211591d89d07f32f90cbafc6644c14e4a3faad58d2417624841c2b31506806

    • SSDEEP

      24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8a6EBlHDZKcW:ETvC/MTQYxsWR7a6EBlHDZKc

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks