Extracted

• • Target

    money $.exe

  • Size

    442KB

  • MD5

    ab7585441ef37e3becc9e16291c9a183

  • SHA1

    6d734d333844615524faad5ff0c5c197998e0e95

  • SHA256

    603f8bb918cf97d86b4e20c72ebd9138160475c24e7633b5cc4f7c7739b0203d

  • SHA512

    4ea5f4edb9a37938bd532e6648a372dd0a2b237e663661e7dbcf9b889aa04e9ec6eecd8f03aaf71d77990013a8780b930192e02e5a9394b56cb326451ff0d769

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2