Extracted

Extracted

• • Target

    cotización.pdf.exe

  • Size

    481KB

  • MD5

    aa0b3f47fdca7f1566c7f7afcba07e46

  • SHA1

    8040632aff5a6c6f69a56f8810c9e09d8036fa22

  • SHA256

    9f9201840dd99614fb416b361d0553f732ca317a3883abf2c84a044cca4b1f2a

  • SHA512

    617bee21d135d2329ee2d13431b5700ad593e59992f1fee2ac5458df9990223c6c4a45211e2169a8177587516e450e14a8b1ab8bee9e548dc0469627e211fe40

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2