General

  • Target

    437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831

  • Size

    1.1MB

  • Sample

    240510-br1n8sdh34

  • MD5

    01311bbcca3794100bc4ef5a6f7f471e

  • SHA1

    01372089b8656907ec48e97eb911d05c41b9c651

  • SHA256

    437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831

  • SHA512

    5fcc0ea9c247f591c6d2fcf37d5feb2e237856fe00cce1091eaf6f7254778b31e23507c2eed436c2a437d0033712096777097e6fa7960c14e18af0eee2504d21

  • SSDEEP

    24576:K4lavt0LkLL9IMixoEgea0k9I/l1uh9hq9MmCS:dkwkn9IMHea5y91utaPCS

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks