Extracted

• • Target

    15d664bf81b4d721f62e6cb6500de8d2.exe

  • Size

    651KB

  • MD5

    15d664bf81b4d721f62e6cb6500de8d2

  • SHA1

    d95d22d179749a21178ba90b2d6e55168ad046b1

  • SHA256

    7773c82869650303e9f60d548bac39f1e88a860be35ce83a1a3f9c700b4fb7f1

  • SHA512

    c105408b2d3a89aa85c8a8f98fe7287c22f1b92c3d007b293fc5db771a7a83722ee63b830d65215358fee57b5f3276874273c57a001d85bd962d16dc559662d8

  • SSDEEP

    12288:NG2iNIh7mld48E6mTB4LXJplsdt2YV8ezf85Zkomrych:Y1LqBUXfCGy8Lmry

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2