Extracted

• • Target

    PO-20200709.exe

  • Size

    922KB

  • MD5

    c2a716ded7676fcc85c9f7299128e85a

  • SHA1

    c612356859cc4f15e251a22f009f86e0acce05d9

  • SHA256

    da2d328729fc82001649fea94517079e39a3579d3154778bda61072c5c3b2590

  • SHA512

    d8754f6fe55228e3fbde6d8a4390f396817873adc3f6f8962bc527b8d1c373752ca5e3c36cb88980b69555632005d9ba04a73aec4dc4fbb07d0c62a70c0589d0

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Drops file in Drivers directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spyware

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2