Extracted

• • Target

    payment copy.exe

  • Size

    940KB

  • MD5

    52fcd3f3cb7f0eaacc6cc393ba9313da

  • SHA1

    5a7304f89ce6525e0449ffdf0022f5114d181680

  • SHA256

    eeabb0a04ea59624d05185afbbf4a1c8e5db554c0c325871c4c0ac5de34c5547

  • SHA512

    7ce8744c23b517043b25f173733888385be9fdaa67b597c3ec522d24d422ed1fee9a44cfa51c7c6c3812fbc2fd791fe57a822e3c0a462670448fb0ee507c54ec

  • SSDEEP

    12288:yEhqU+PoxVZ861s4cEOSJJi0yIxYeQo//tdYV71JSYVBgrVDdzoa1cfN:LuoxL1MEPzyIBPY/JSMBgBDdEPf

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2