agenttesla | c1b10ca7aac50af11c80df17d6beb69b36b6b468b8ae79d33e60b77e66f4183c | Triage

Submit
Reports

Overview

overview

Static

static

3

Hqjtehdep.exe

windows7-x64

Hqjtehdep.exe

windows10-2004-x64

Sharing

General

Target

PO docs.iso
Size

4.5MB
Sample

240515-se4c2aef6v
MD5

69e3518881c67aed5d119a0cd8fd3fa9
SHA1

bc7f3a5c8edb6fb3a15e7fb84220b9064b16134e
SHA256

c1b10ca7aac50af11c80df17d6beb69b36b6b468b8ae79d33e60b77e66f4183c
SHA512

0e0e900046dabf6cf5020edad477d703acbfe3452f90f7203d8f403815b121a01a68ae8bdf4249bbfc55fa15ff121841f9e1115f33e59cd75b1d326d9e0791d1
SSDEEP

24576:ONrJDheOmsfxYFB6YST9YaCjWbOCixQel8vBw+/m6hWsmQvd6KqcR3PPwf:O

Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Hqjtehdep.exe

Resource

win7-20240220-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Hqjtehdep.exe

Resource

win10v2004-20240426-en

agenttesla zgrat keylogger persistence rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.spia-indonesia.org
Port:
587
Username:
[email protected]
Password:
Looloo123@#
Email To:
[email protected]

Targets

- Target
  
  Hqjtehdep.exe
- Size
  
  4.4MB
- MD5
  
  dcbe06e2f3054aa9126691eaa33f03f2
- SHA1
  
  9716dc37e885de30efb8319f3653782c25712db2
- SHA256
  
  6e93b0e461b5098a0b9f61b10199135452cf93e54fd2d4fa37b9df909591be2b
- SHA512
  
  4ed52f2783ad6813526f0e3dd6fb4c1648aa5883f1beca5cd8f12cd50828d2c52ad782133bd8e4a57348fdc7b089b62e222550b146dab6447ca46c15f0e50b88
- SSDEEP
  
  24576:ENrJDheOmsfxYFB6YST9YaCjWbOCixQel8vBw+/m6hWsmQvd6KqcR3PPwf:E
Score

10^/10

agenttesla zgrat keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

behavioral2

agentteslazgratkeyloggerpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy