Extracted

• • Target

    Curriculum Vitae Maria.exe

  • Size

    949KB

  • MD5

    51d1bde6c3477634173f24696eadc7a7

  • SHA1

    ce440c7141f2719dde2be1ff73486bf45200fd1a

  • SHA256

    9235d37d4738be9f02862137b8cca61170168279a1243703006a2ed88b1d5ec2

  • SHA512

    7447020d3dada00dbdfba5fb1c340f871cdc87451d5981a0050f87edc5e49ece39acfeee665e58e0052ad6951ad062738c1d73b830f9e0ac8d54bb75bcc4b8a2

  • SSDEEP

    24576:EDdWwbgvuG9fayGOB8co6C6OJ5Ey7T2Pf:ObgvuG9f5GOB8X6OJ5EyX2P

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2