Extracted

• • Target

    070ce8d430fc2f4619e6e5843831dabe5903d25f9561cf1fe1551359abafdbba

  • Size

    693KB

  • MD5

    522e754681dd0ce6ee093418debaaaa3

  • SHA1

    d92c7b8bcd8d3b3e468c27bd68c724538dd78cac

  • SHA256

    070ce8d430fc2f4619e6e5843831dabe5903d25f9561cf1fe1551359abafdbba

  • SHA512

    ef37b15e0a3887b68da233b5158e07b16e0a1f1e88d30ca5d6d5572d17f2d98f29d54c41bbc0c23b1584abd8ac98536a046f1acbb353f1c0c8e92255a0c6eb00

  • SSDEEP

    12288:IK8BjODxaucUL49JU2WIJmZi9709qXQ+jOyLSESPPn+SdSzUqrmld2/Qaq/KgIuK:IlBy1Zp7CN6GyY/qb2/Qt/0WM

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojancollection

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2