agenttesla | d948ec899810d776263d97504c42d9918b2333b97883599877a5d3c214e863a7 | Triage

Submit
Reports

Overview

overview

Static

static

5

Swift_2024...12.exe

windows7-x64

Swift_2024...12.exe

windows10-2004-x64

Sharing

General

Target

Swift_202411054785712.exe
Size

1.1MB
Sample

240511-dmw7cshh5z
MD5

aaf2dc8cddf0d1d520a115465d982e85
SHA1

265889f5bbe27be46303371e1debea373582bb72
SHA256

d948ec899810d776263d97504c42d9918b2333b97883599877a5d3c214e863a7
SHA512

5c7ab16ddb87eadac527d7c9071eba96f8238f11b79218b612bfb4fa8a5210407c712099e9be475c27cd9deac053b3d7e75f4e556817016d3453f85b084ff472
SSDEEP

24576:jAHnh+eWsN3skA4RV1Hom2KXMmHakGXGhMHb0/3Yjh5:uh+ZkldoPK8YakM7IYX

Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Swift_202411054785712.exe

Resource

win7-20240221-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Swift_202411054785712.exe

Resource

win10v2004-20240508-en

agenttesla zgrat keylogger rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Swift_202411054785712.exe
- Size
  
  1.1MB
- MD5
  
  aaf2dc8cddf0d1d520a115465d982e85
- SHA1
  
  265889f5bbe27be46303371e1debea373582bb72
- SHA256
  
  d948ec899810d776263d97504c42d9918b2333b97883599877a5d3c214e863a7
- SHA512
  
  5c7ab16ddb87eadac527d7c9071eba96f8238f11b79218b612bfb4fa8a5210407c712099e9be475c27cd9deac053b3d7e75f4e556817016d3453f85b084ff472
- SSDEEP
  
  24576:jAHnh+eWsN3skA4RV1Hom2KXMmHakGXGhMHb0/3Yjh5:uh+ZkldoPK8YakM7IYX
Score

10^/10

agenttesla zgrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslazgratkeyloggerratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy