Extracted

• • Target

    da64442d3c6a951d48bfd35b0cfd91c5146158c2241953def76c60f1233938e3

  • Size

    506KB

  • MD5

    6a0e5a38fbf3c04fa128881663310ea7

  • SHA1

    936acfcffb2970c75d735d918ffe52dbf07580b0

  • SHA256

    da64442d3c6a951d48bfd35b0cfd91c5146158c2241953def76c60f1233938e3

  • SHA512

    8235c9b54dbea3008c305e1915e2684c7f8820ffd40b5c2cdb8d808825d3c3a44f11f08e448d3317b14594d3d3433a6970381450dff13a2d68ea1bf459f15ccd

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojanmetastealercollection

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Meta Stealer Stealer

    Meta Stealer steals passwords stored in browsers, written in C++.

    stealermetastealer

  • AgentTesla Payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2