agenttesla | f3dce07ef36310e3d43a014c12c02312797d1d1b42c841089e5f02b5a0165780 | Triage

Submit
Reports

Overview

overview

Static

static

f3dce07ef3...80.exe

windows7-x64

f3dce07ef3...80.exe

windows10-2004-x64

Sharing

General

Target

f3dce07ef36310e3d43a014c12c02312797d1d1b42c841089e5f02b5a0165780.exe
Size

3.8MB
Sample

240509-kc3dyshb4x
MD5

56f465f72c1d03714aa6cedadcee54f1
SHA1

15c128e34eba74fc9d49333eec77a9af8dbf2b35
SHA256

f3dce07ef36310e3d43a014c12c02312797d1d1b42c841089e5f02b5a0165780
SHA512

ea324c6d06448f1ef487cb597985280b8c57ab93ca4dca358961a5f2f0085ea833091fbe704b954003eca093aeb32a71dd07a4abe3e01ebdf14dacc4d8800d26
SSDEEP

49152:IrJtPEr7HuX1vWGgSppA3tfae4atH3Imc74mPbA30f6nty:IrJtPE+XjZy5tXlc7RPbbgy

Score

10^/10

agenttesla dcrat zgrat infostealer keylogger rat spyware stealer trojan

Static task

static1

rat dcrat zgrat

6 signatures

Behavioral task

behavioral1

Sample

f3dce07ef36310e3d43a014c12c02312797d1d1b42c841089e5f02b5a0165780.exe

Resource

win7-20240419-en

agenttesla dcrat zgrat infostealer keylogger rat spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

f3dce07ef36310e3d43a014c12c02312797d1d1b42c841089e5f02b5a0165780.exe

Resource

win10v2004-20240508-en

agenttesla dcrat zgrat infostealer keylogger rat spyware stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  f3dce07ef36310e3d43a014c12c02312797d1d1b42c841089e5f02b5a0165780.exe
- Size
  
  3.8MB
- MD5
  
  56f465f72c1d03714aa6cedadcee54f1
- SHA1
  
  15c128e34eba74fc9d49333eec77a9af8dbf2b35
- SHA256
  
  f3dce07ef36310e3d43a014c12c02312797d1d1b42c841089e5f02b5a0165780
- SHA512
  
  ea324c6d06448f1ef487cb597985280b8c57ab93ca4dca358961a5f2f0085ea833091fbe704b954003eca093aeb32a71dd07a4abe3e01ebdf14dacc4d8800d26
- SSDEEP
  
  49152:IrJtPEr7HuX1vWGgSppA3tfae4atH3Imc74mPbA30f6nty:IrJtPE+XjZy5tXlc7RPbbgy
Score

10^/10

agenttesla dcrat zgrat infostealer keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Detect ZGRat V1
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- AgentTesla payload
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladcratzgratinfostealerkeyloggerratspywarestealertrojan

behavioral2

agenttesladcratzgratinfostealerkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy