Extracted

• • Target

    RFQ#777800.exe

  • Size

    486KB

  • MD5

    397b20ae26eaccb4ec2ae5e94f6ee0f0

  • SHA1

    f49012b7adbfd8113781bf46944e884c1f2ee236

  • SHA256

    0269e12654cdeee23a263c2fa347dae7da354dad89e9b618e347f919813cf3f5

  • SHA512

    e0a004fefa3c99e7b52cab147352d103e4cd1389d7221df48959e471e9fc5afbbfc91a9bfeb85e7c601d7c731a59a2c3c14e95588d1164cf1cc42b886322e1b3

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2