Extracted

• • Target

    e6a2001dbde3bf2086d37a69227a2499.exe

  • Size

    722KB

  • MD5

    e6a2001dbde3bf2086d37a69227a2499

  • SHA1

    e282f10c3c52d7403bc75189af00ad5eb0f7ef2a

  • SHA256

    f7a85b381a8b14beb5b1ca19b4a3678c134970610a336376a0ad836191a130bd

  • SHA512

    917182c4089edf76854fdce0167182f45a4b5801962c9ed9cc74f458a7a2942a87e7e2c6fcbd26a7519d86199686f4714dfdd4f96e1fa9f8f607f858fe83e417

  • SSDEEP

    12288:wc06IdYVFXjOFKeiplvcroXYcaAxO/IBXjSComZJbxpDF:j0W/jOFKZS8aaTECo

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2