Extracted

• • Target

    0be3682accde2a88d78e2516998a4e19a01d116a1a66fadf903b60326b92cca8.exe

  • Size

    1.1MB

  • MD5

    eb86275aeb317d404d5b8fda23f673aa

  • SHA1

    ad010abd23862d25925fbbf4757f9e71907fe9cd

  • SHA256

    0be3682accde2a88d78e2516998a4e19a01d116a1a66fadf903b60326b92cca8

  • SHA512

    29cb4e46129a828ca26133426c5f4dde20eccc13c8e178e6288f788ec38686c39623c1c25ea6a2275e9430336b34bf61c9f2cbfdea85c0651fe93a941dcc21de

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2