Extracted

• • Target

    Packing list.exe

  • Size

    720KB

  • MD5

    664062762de8fdfb381268ae566f3d9e

  • SHA1

    d9f2cbd717f700fe9046f947f62fa9d906b3d46f

  • SHA256

    7cffd8eb6866547d175295072b7f1b180467a29b537da3ede1f2c3ebe11c7aaf

  • SHA512

    66dc66420565f1b4b2b34a6b5dff7c1dfda6ac9fb65a12738066d866abf8e91afc462d94d1f9c51d9b00bb6158819d69b17aa47787bfa98a5e93168174bb611a

  • SSDEEP

    12288:TRbG5h7Tu3XDG2g9YIDz+gbldEevK1pisp2VDPrv/ugwyu4CkrOP7Vg:dG5d4G2UpZdEeC1pispaDDHugwv412h

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojancollection

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Drops file in Drivers directory

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2