Extracted

• • Target

    DHL airwaybill # 6913321715.pdf.exe

  • Size

    613KB

  • MD5

    88ad25beeb143d46152cc1968fedfdca

  • SHA1

    227071cc6681ca773729fe034bd76ba23f0bd7b9

  • SHA256

    368d524b4b5c6920e2d290364c9d42bfe3c01fd7583b5d8ef51787f9c8fa81f1

  • SHA512

    a0e35bc1bd051263b6f02d1d6756b934db48a46f2c43c4225e957822d88e640459bc42329c192ef1c85333f703825144fa9f9bba15e4cf3986d9bca7458a751b

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2