Extracted

• • Target

    New order.exe

  • Size

    521KB

  • MD5

    e1ffb53e0ba8fa00f3a07655369b04dd

  • SHA1

    64a1b8d5626898f7b967ebb0cd7843d5afb33ad1

  • SHA256

    788713bf44bd95348a123ef5f7297b6a6157f3c90da6c16cf9c76cb1165b569b

  • SHA512

    e610f79540649ee155329e94b7d89fa3e1f5d6a65f80b02f363502d147ff57f11105ee2082d429c1a817600a9e2139ea5ec2e610e08149b7c1c3ab36df7c83ed

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2