Extracted

• • Target

    5c63633ca6215a64a9f504580e17a9968636d66dcf44c062a876d25c1326ac09

  • Size

    765KB

  • MD5

    771ca382a7507d9f3fe65644662ac9d4

  • SHA1

    002bc72cb2cc25c0d3d2489af70a76fa690d2215

  • SHA256

    5c63633ca6215a64a9f504580e17a9968636d66dcf44c062a876d25c1326ac09

  • SHA512

    4d7f888572116aa20872795c0a5e7766dc9d0aba9a07193080c7521bdd9689d99e7f2325364c33fdb4d56a4fbc0b29d944e258a2c0d3aacaa8071df3e7aeff54

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojanmetastealer

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Meta Stealer Stealer

    Meta Stealer steals passwords stored in browsers, written in C++.

    stealermetastealer

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2