Extracted

• • Target

    6HAA3aT4lVJeNR1.exe

  • Size

    408KB

  • MD5

    c54e4a0c73b7a774f087afffa441df42

  • SHA1

    7fed19ee1dcf71545e8c2d0651c91a16e80c8d42

  • SHA256

    8a28b3a70394fdadc19a0879c31c86ca081b5bf0def5fba4f28847c6b9d87af1

  • SHA512

    9fe0dd60ee70f41b59edcc21aa674c8dcbd183aa560aceb505063fe34a70dcbcaaff0b13964d809ef26cd7fdb64d7721bd8e8a6735fb3965093de2759c4694cf

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2