Extracted

• • Target

    b589d59559f6fb9bc99c72827a082300d6418e98c56fbbdf54e7afb1e7fb1aac

  • Size

    835KB

  • MD5

    bb9ad21a2b46dec86ca6a06649aa4a4e

  • SHA1

    9d5d888e05ba3fa2e6ed5a9da5884457b7b5f2ce

  • SHA256

    b589d59559f6fb9bc99c72827a082300d6418e98c56fbbdf54e7afb1e7fb1aac

  • SHA512

    85562c43482729344116b78b70eaa66a0b64a2ab3d8679153934b4f6da2f87b1ed273098201eb84952c3be4ea99cd6063f7d999e36f974d4a223ca18b86dd4aa

  • SSDEEP

    12288:F+sVxv8DsIqGPtdUAkihHAlBZiEcfG6HBn4e3vjM2f0hJTArFFKYFUzgLZ:l8DsMl9ThlEcf7Vb3QCkIFXUzgL

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1