Extracted

• • Target

    4543_87_90876_654_2323455656_9877663_109543213257909.exe

  • Size

    369KB

  • MD5

    be0a55c04f08ca83f08509acc8f31be3

  • SHA1

    bea3e1583b13e62da5fb4065a3829ae3fc13ab48

  • SHA256

    988b780d0d0cd0ad56a9df65eebe0fcef0c2aceed91197feac862bf9086be33c

  • SHA512

    7ca6822f6de129b094c917ceb11122b0f1b495a4945bb6893787af09acfae1fa9bfef0a34dfebdbc734b2f18f1368ee83127d4be63c5b4513995ddec51315370

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2