Extracted

• • Target

    Case file.exe

  • Size

    717KB

  • MD5

    8b96b92d092045906f8be7738d94f92b

  • SHA1

    7be7cd3e09a959575cacddf97c96e4f731dddc50

  • SHA256

    3c1435bed4783276e6cb146e1e99b752f59b93be1320547419f19a02603feaca

  • SHA512

    7b12f092885481c3c9b28dc481c9befc457adb11fb83dd18c200d6510fae1a71eea96f1d67c0efde3c6eb6f74a80989642c0f53bdb8ef80429ffc2dd1bab2970

  Score

  10^/10

  spywarekeyloggertrojanstealeragentteslapersistence

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops startup file

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spyware

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run entry to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2