General

  • Target

    Factura Proforma Nº 2024000107.7z

  • Size

    641KB

  • Sample

    240514-se3rhacb83

  • MD5

    b3ec99f57a4c55b500a3d12ba2079675

  • SHA1

    fa591d12da6d5a919f64bf14f89852008a32a022

  • SHA256

    d16adb8ef9dec60172b798b74bee440772fe45fd213254481925b7a226ff5fe0

  • SHA512

    4b9660c711b081578f74e17eeb81337f68f306e789ae2462414f6f8d43fb69f6b7f2cc57519ec10a5fc3d8573541d10c8aeaa0720441ee002a5ce4e70845ae3c

  • SSDEEP

    12288:Z3GtoDfvVvg450jxJ2Uc3E2xQ/A7yRYQUTAjVVIu9JHWLzPQEyNSNmBS:Z3GOTNVWJtN2xWAsYQyAjbIuQPQ5NSNL
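Added example, not part of the sandbox report: a small Python helper that computes the four digests listed above for a retrieved file and checks them against the report's values for both the archive and the extracted executable. The `REPORT` dictionary copies the hashes from this page; the `b"abc"` input used in the dry run is constructed test data, not the sample. SSDEEP is left out because it needs the third-party `ssdeep` module rather than the standard library.

```python
import hashlib
from typing import Dict, List, Optional

# Digests copied from the sandbox report on this page (archive and extracted executable).
REPORT: Dict[str, Dict[str, str]] = {
    "Factura Proforma Nº 2024000107.7z": {
        "md5": "b3ec99f57a4c55b500a3d12ba2079675",
        "sha1": "fa591d12da6d5a919f64bf14f89852008a32a022",
        "sha256": "d16adb8ef9dec60172b798b74bee440772fe45fd213254481925b7a226ff5fe0",
        "sha512": "4b9660c711b081578f74e17eeb81337f68f306e789ae2462414f6f8d43fb69f6b7f2cc57519ec10a5fc3d8573541d10c8aeaa0720441ee002a5ce4e70845ae3c",
    },
    "Factura Proforma Nº 2024000107.exe": {
        "md5": "b1a93c951334dd187af4ab129e2729fc",
        "sha1": "031ae853bb236ce49cf2db417e54d6b1cf994c79",
        "sha256": "00fd3a2a4eb0b43e1b4c897cd57306ec6d3219d2241972350a211362ae33e5aa",
        "sha512": "475eab0dfefb0575ab26b1c8c4ba3abbcc97854df45207f73ed2f4b9a224418afad1cfdccf0d95ef88c69311282516931808b9caccd2e0c6e64d7c3f07acbd7a",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of in-memory data for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashers at once so a large sample is read from disk only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def disagreeing_algorithms(digests: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Algorithms whose computed digest differs from a report entry (compared case-insensitively)."""
    return [alg for alg in ALGORITHMS if digests[alg].lower() != expected[alg].lower()]


def match_report(digests: Dict[str, str], report: Dict[str, Dict[str, str]] = REPORT) -> Optional[str]:
    """Name of the report entry that every digest agrees with, or None.

    All four must agree: matching on MD5 alone would trust a hash with practical
    collisions, and a partial match usually means a mis-copied IOC, not the right file.
    """
    for name, expected in report.items():
        if not disagreeing_algorithms(digests, expected):
            return name
    return None


def verify_file(path: str, report: Dict[str, Dict[str, str]] = REPORT) -> Optional[str]:
    """Hash a file on disk and say which report entry (if any) it is."""
    return match_report(hash_file(path), report)


if __name__ == "__main__":
    # Constructed input for a dry run; real use is verify_file("<path to the sample>").
    digests = hash_bytes(b"abc")
    print(digests["sha256"])
    print(match_report(digests))  # None: the test data is not the sample
```

`verify_file` is the entry point for a downloaded sample; `match_report` is separated out so the same check can be run on digests already produced by another tool. A result of `None` together with a short `disagreeing_algorithms` list is worth a second look, since one mismatching digest out of four points at a transcription error in the IOC rather than at a different file.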

Malware Config

Targets

    • Target

      Factura Proforma Nº 2024000107.exe

    • Size

      1.2MB

    • MD5

      b1a93c951334dd187af4ab129e2729fc

    • SHA1

      031ae853bb236ce49cf2db417e54d6b1cf994c79

    • SHA256

      00fd3a2a4eb0b43e1b4c897cd57306ec6d3219d2241972350a211362ae33e5aa

    • SHA512

      475eab0dfefb0575ab26b1c8c4ba3abbcc97854df45207f73ed2f4b9a224418afad1cfdccf0d95ef88c69311282516931808b9caccd2e0c6e64d7c3f07acbd7a

    • SSDEEP

      24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8aMsYQWACbIXiZy5NlD:1TvC/MTQYxsWR7aMYW8iw5z

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used by process hollowing and similar injection techniques to redirect a suspended thread's entry point to injected code; on its own the call is also made by debuggers and other benign software, so it is only labelled suspicious.
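The two behavioural signatures above (the external IP lookup and the SetThreadContext use) are what the sandbox flags. The following Python is an added example, not the sandbox's own signature code, showing how both checks can be expressed over an API-call trace. The trace format, the process IDs, the target path and the watchlist of IP lookup hosts are all constructed assumptions for the example. The SetThreadContext check deliberately requires the whole chain (child created with CREATE_SUSPENDED, then WriteProcessMemory, SetThreadContext and ResumeThread on that child), because a lone SetThreadContext call is also made by debuggers and other benign code.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed API trace in a simplified "pid|api|key=value ..." form (not the sandbox's real
# log format). Process IDs and the target path are made up: pid 1234 is the dropper, 5678 its child.
TRACE = r"""
1234|CreateProcessW|path=C:\Windows\System32\target.exe flags=0x4 child=5678
1234|WriteProcessMemory|target=5678
1234|SetThreadContext|target=5678
1234|ResumeThread|target=5678
5678|GetAddrInfoW|host=api.ipify.org
5678|InternetOpenUrlA|url=http://api.ipify.org/
9999|SetThreadContext|target=9999
4321|InternetOpenUrlA|url=https://example.org/
"""

# Assumed watchlist of well-known public IP lookup services; extend it from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.amazonaws.com",
                   "icanhazip.com", "ipinfo.io", "checkip.dyndns.org"}

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit of CreateProcess (real Win32 constant)
HOLLOW_CHAIN = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


@dataclass
class Event:
    pid: int
    api: str
    args: Dict[str, str]


def parse_trace(text: str) -> List[Event]:
    """Parse the constructed trace format into events; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, arg_str = line.split("|", 2)
        args = dict(token.partition("=")[::2] for token in arg_str.split())
        events.append(Event(int(pid), api, args))
    return events


def detect_hollowing(events: List[Event]) -> List[Tuple[int, int]]:
    """(parent, child) pairs where the parent created the child suspended and then called
    WriteProcessMemory, SetThreadContext and ResumeThread on it, in that order.

    A SetThreadContext call outside that chain is ignored on purpose: by itself the API is
    too common in benign code to be more than 'suspicious'.
    """
    stage: Dict[Tuple[int, int], int] = {}  # (parent, child) -> index of next expected API
    hits = []
    for ev in events:
        if ev.api in ("CreateProcessA", "CreateProcessW"):
            flags = int(ev.args.get("flags", "0"), 16)
            if flags & CREATE_SUSPENDED and "child" in ev.args:
                stage[(ev.pid, int(ev.args["child"]))] = 0
            continue
        key = (ev.pid, int(ev.args.get("target", ev.pid)))
        if key in stage and ev.api == HOLLOW_CHAIN[stage[key]]:
            stage[key] += 1
            if stage[key] == len(HOLLOW_CHAIN):
                hits.append(key)
                del stage[key]
    return hits


def detect_ip_lookup(events: List[Event], watchlist=IP_LOOKUP_HOSTS) -> List[Tuple[int, str]]:
    """Unique (pid, host) pairs that resolved or fetched a host on the IP lookup watchlist."""
    hits = set()
    for ev in events:
        host = ev.args.get("host")
        if host is None and "url" in ev.args:
            host = urlparse(ev.args["url"]).hostname
        if host and host.lower() in watchlist:
            hits.add((ev.pid, host.lower()))
    return sorted(hits)


def run_signatures(trace_text: str) -> Dict[str, list]:
    """Evaluate both signatures and return only the ones that fired, with their evidence."""
    events = parse_trace(trace_text)
    findings = {
        "setthreadcontext_injection": detect_hollowing(events),
        "external_ip_lookup": detect_ip_lookup(events),
    }
    return {name: hits for name, hits in findings.items() if hits}


if __name__ == "__main__":
    for name, hits in run_signatures(TRACE).items():
        print(f"{name}: {hits}")
```

The hollowing detector keys its state on the (parent, child) pair rather than on the parent alone, so a dropper that spawns several suspended children is tracked per child, and the state is dropped once the chain completes so the same pair is reported once. The IP lookup check is the noisier of the two and is best treated as corroborating evidence next to the injection chain rather than as a verdict on its own.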

MITRE ATT&CK Matrix

Tasks