Extracted

• • Target

    b472343a9ac7b5969b40f22b90771cdee7210913d348e966ce4ed7540bcb9ddd

  • Size

    744KB

  • MD5

    ba017a929db6156f1bf1ddef8d6766c7

  • SHA1

    cc33ec6ff180e9a6b9121c73686299d1b2bdec5a

  • SHA256

    b472343a9ac7b5969b40f22b90771cdee7210913d348e966ce4ed7540bcb9ddd

  • SHA512

    46aff8e40fd7646b83d87cd29c8794f202749982fce76d94eefd412cbe5600bc26d3109420727473d6f47b654ae9a79b94bcf2bd0d09646f0e6b1c010d8367e1

  • SSDEEP

    12288:kwlDmomPZefLPtqvyuSZpIyu5qDdoazx/0pk6XyNlNIkkVGueqB89wF+e5/g:momxiLQFSLsX8x/0zaIR0ue+89wF+Ag

  Score

  10^/10

  agentteslacollectionevasionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1