Extracted

• • Target

    NRJHM5PF.EXE

  • Size

    1.2MB

  • MD5

    f6792d895fd876b37613d49195da8fdb

  • SHA1

    b7b0b6b02087834c6d1a13b2707fbd1cf3107d84

  • SHA256

    fdbda792f1afe76690988d21cabb124f86ec84672c3b45576471ed50a0078e74

  • SHA512

    91cc3df47c15dde764b9897c4e2c7cba230907ade61841a8b2848942bbf262ec0b3c4ed09e9cd2cbeb90bc490c7ebad11e100dee99b08edff49e619a13dc90af

  • SSDEEP

    24576:5yGapn+w2CHo4K3azJotAxRnJA4VVZqdOp:DalOCHzK3qJotORJt1qdO

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2