Extracted

• • Target

    quotation 2021-12-01 pdf.exe

  • Size

    528KB

  • MD5

    237a401044a7d016c172e44c2785c551

  • SHA1

    8da96f7ae5a24d6a79c4e1e4698779558e7e0508

  • SHA256

    b3ef58847127711be325f2386c95bb360fc27abb57aa785d02fca1621f07b020

  • SHA512

    9649f1a8845760242ec8618f0c169d6959577852699261bfa38797e7a83528dfb823102baba76523b9dd2f3a76b40fb7f60aed0e28e8c9f08ddd2c6976492737

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2