Extracted

• • Target

    order 5500065035170620.exe

  • Size

    426KB

  • MD5

    81f65f990a84c6f185606ff67470c306

  • SHA1

    e256b306db229b5f4302b470b59accdf94a5c824

  • SHA256

    5cf1f9fd8a8000ae58fa7607a3201c6abfbc9a352d90e589ef1d93317336c881

  • SHA512

    5c54323b514bb3fe1d2eb7e9da9ba4c1f882e9e4afdba56d4347a5c212576dff63258060a8313536950fea4d9746df652d226c148f41ba0e55bc3babe74eb1ca

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2