Extracted

• • Target

    Advance payment note.exe

  • Size

    563KB

  • MD5

    e713b0186734c17151daceb17d315ba0

  • SHA1

    d31dea95ba177db8bc18ada3625a5604dc948359

  • SHA256

    0af307702055e443dd8ceba3a2b2022609442fd7f6c5358180ec8c6b581d21e5

  • SHA512

    0a5cfd4de6a5d6c8c3cbe66e88a7a96ba4169383a7f6a59f9777034ab26a548a02db49a6f5f9d8620f42943b3e6052eec47a59b7a154381e0707332e21fd49dd

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spyware

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2