c1c46e45d0b8b42cf005b9e9bd380e4de9ee18d67901d5558dab688aa8c41fde

Tags

Signatures

• Suspicious use of SetThreadContext

• AgentTesla

  Description

  Agent Tesla is a remote access tool (RAT) written in visual basic.

  Tags

  keyloggertrojanstealerspywareagenttesla

• Reads data files stored by FTP clients

  Description

  Tries to access configuration files associated with programs like FileZilla.

  Tags

  spyware

  TTPs

  Data from Local System Credentials in Files

• Reads user/profile data of local email clients

  Description

  Email clients store some user data on disk where infostealers will often target it.

  Tags

  spyware

  TTPs

  Data from Local System Credentials in Files

• Reads user/profile data of web browsers

  Description

  Infostealers often target stored browser data, which can include saved credentials etc.

  Tags

  spyware

  TTPs

  Data from Local System Credentials in Files

Related Tasks