Extracted

• • Target

    PO 003217.jar.exe

  • Size

    833KB

  • MD5

    b2bf9a2231058ccce482b86f0ca2293c

  • SHA1

    5c8eadeba17e779e327605c364351d60cb4dafbd

  • SHA256

    91e462bedfc07bf6a3ef8d29aa240925cb9a31335c090bc92c0f5672307b72ee

  • SHA512

    428c4722320f7b098f7e14d06ee0aa2360a813a7426badcdff4642eab8f59ed74518313c0f495114e6b4337e16e91dfd4bc1542c8f67cf53a322bb6883b03562

  Score

  10^/10

  persistencespywarekeyloggertrojanstealeragenttesla

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops startup file

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spyware

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run entry to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2