Extracted

• • Target

    AWB-28_08_2020_INV_28_08_2020.exe

  • Size

    622KB

  • MD5

    11425bca5c14a5d5d351e19018b8d845

  • SHA1

    1179c4454d96b8ab26071e8e9ed1561f38ab07fa

  • SHA256

    ff9b840ece5f9d5b8b5947eda766794747243a632f81fbfa11e1349143e05ad7

  • SHA512

    fef7fe90bb288e84614de64395ec310adbb768396073caa8d734addd9ecdc2a2c96b16688db555b4f3ae32288abb8dd9f4d0e70168108c7a91e8b1ded2a0ecd6

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2