Extracted

• • Target

    AWB#-8158025864-09-07.exe

  • Size

    553KB

  • MD5

    871072d95966439336830c00838b0684

  • SHA1

    39d5a3c8b6c53d5cc932e4a075871a12fd2b037b

  • SHA256

    8416f3621c432bad0ab9877e3f9dc77ea9a3e1dfdbabef28b71059604b9fab04

  • SHA512

    93d64f4a91c445ea53565254aa055361b917567b18803bf50e62d32d0a645a6b328a89d4b629c8377aa704fe76409a6504339517f35a44727e311146e7fdcc9e

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spyware

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2