agenttesla | 6329282f308e0fedcd96f40cbfd7c368f8868dee20b7437949743a37723f34b0 | Triage

Submit
Reports

Overview

overview

Static

static

5

328e70cca6...aa.exe

windows7-x64

328e70cca6...aa.exe

windows10-2004-x64

Sharing

General

Target

63d74b4d5b18373ba3230ed473922c70.bin
Size

730KB
Sample

240511-dkhaeshf4y
MD5

d9dd99307bbb6c0b3986bbdd2b839262
SHA1

f9c77ed101250fcfefb3e749d9a02442c85fb8b8
SHA256

6329282f308e0fedcd96f40cbfd7c368f8868dee20b7437949743a37723f34b0
SHA512

029ac9278b187636d08f2d52480e468c0beaed185765e6f1975154b9614619b4d22531d6db94565b346a885424872a7ffc65b9b270435e55b650ff3c29a8b3cc
SSDEEP

12288:ov6bPcSeVLIBPg5ca82Tmm3X/Veh4jdSB53OGxeyLBc01hiuxI58gXam:ovJEgu5xA9emsBdeOO01Vxzgv

Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

328e70cca6f607ee5e124be316cbd024fa84f61b874c0568366516a8222675aa.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

328e70cca6f607ee5e124be316cbd024fa84f61b874c0568366516a8222675aa.exe

Resource

win10v2004-20240226-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  328e70cca6f607ee5e124be316cbd024fa84f61b874c0568366516a8222675aa.exe
- Size
  
  1.1MB
- MD5
  
  63d74b4d5b18373ba3230ed473922c70
- SHA1
  
  96dd293df1e4d4f7972d3c2d647195b81a1699d8
- SHA256
  
  328e70cca6f607ee5e124be316cbd024fa84f61b874c0568366516a8222675aa
- SHA512
  
  c43d222acef5f5581ad1923431aa66a39161da2e69a02afc64aeb901e3c7465c392d11bad5d14662b66f79e90adc3ef843e78887591a4794486350aa0ba6f512
- SSDEEP
  
  24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8amzNiCDJjKJ7ypNh1:0TvC/MTQYxsWR7amgUJI2
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy