Extracted

• • Target

    92c492_8f22087a2c0740eba07c3aea05e107e7.ps1

  • Size

    759KB

  • MD5

    cbc2d2fda4346646489382819fb07d61

  • SHA1

    9b3768e6676984c90a0ad251a588e6b0ecfca365

  • SHA256

    d2606cc6318b1e0c21de14cf79f8e06652e783e9239c84eec8bd2b0582ab6cd2

  • SHA512

    72ca8ceaf15aca5400e4504c9fd521414b7a4330fc9bd0cf3c31caf62f20227fb34c4c9b68f7cf756d64ffc687fb0d33435cc200a001def42ff16dfbbabdb059

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2