Extracted

• • Target

    70654 SSEBACT.exe

  • Size

    451KB

  • MD5

    d4fbd30ce19b0d9632201fbfe9b9943d

  • SHA1

    f0dbe35cf51b8b1c909ec0ea5a8c1228986f36ab

  • SHA256

    192af07a83d42e824b8afc672e276e9f7906fc40c36776cb309e3d7762851206

  • SHA512

    562c44288f64e38af06f6a462ebbe5a51ae1b397095e30f6ae27fbf60dd499e9e015bd0facb2b82393b7c974e3cabe5a0ad32ce440401b5bfb21b068d56ec13c

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2