Extracted

• • Target

    Purchase Inquiry_pdf.exe

  • Size

    501KB

  • MD5

    efed7c80f2d5d857f01cb11fce2969ec

  • SHA1

    ac23b49c35518ed2f6730e26b45e1684568be1cd

  • SHA256

    f69d3da755e1879ba7c75e9eeb0d855b23f5cb3a3a58785d25eb23acdcfc421f

  • SHA512

    bcac675ca3876d324ff0a92a7627043cddceaf5c767ae57bac23ba631190d6a98a0b77556665a67e570f3b24b25fb9f1bed87c308dedad13abb83561dddb6891

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2