Extracted

• • Target

    swift copy.exe

  • Size

    789KB

  • MD5

    61103d8d0d139971f7f2b81715156a73

  • SHA1

    42d579f94d175c121434512b1675b6c4b84cf72b

  • SHA256

    9d626bb9d442d3762e5366f0fbefae41708936b9c254141fcf3b0a1b80291ebb

  • SHA512

    c7c4f3a5eb87a835290973478015b4baeb83a60163968d0a9856420862297855a2a4f4f1f81e6bc44563274b34651cbe9e01db60a0708108a8f3549dc8d0893f

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spyware

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2