Extracted

• • Target

    GimRyEHi4ONqTEe.exe

  • Size

    663KB

  • MD5

    0607ab0327cdb80f6ca1c6d28d17225e

  • SHA1

    dbe05654fb952c15ca8cec612186944666fc1a0d

  • SHA256

    242c24fef019f1a8a9f3c351b86c8a5a50a30cc562605a992b944c19f66f150f

  • SHA512

    25d55347538511600395b86af770a1f127c351c612da31b21d624bfebcfcc6c6512b745ced3e3b9f81e036e77433b62232c8512d0e737343fdb977e938e053dc

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2