Extracted

• • Target

    3ba367bb53bc5ad7c0e8d7f5a9d33532.exe

  • Size

    718KB

  • MD5

    3ba367bb53bc5ad7c0e8d7f5a9d33532

  • SHA1

    974c0e32a4480927f27daec1f65ce9bf23ff0e0a

  • SHA256

    33ea02b92678e7c73d8f65dc81d76733fe0ce94b9c9b22ebe216132a0986436f

  • SHA512

    c595d47918ca1a3facba0003cf1dd245e10aad78b190fe5715904c16fb13052e41a3a807da113ef46c7ea4688e01f7136b9ddeda0792398a5bc872a69628294e

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2