Extracted

• • Target

    Quote_2200001634.exe

  • Size

    644KB

  • MD5

    2e98787c80a67fbcb7160f1da05f945d

  • SHA1

    9b5c0d7e7dffb6929cf88e3fac1ac91fd6ebaec6

  • SHA256

    820fa304f0307b6584073fa6fc34639a8347b438737e46426f5d0784ca7fee6c

  • SHA512

    e6b6a08e1242907cba27b726948e3d8b43904d5f15ab99dd4c2af3da975bc18e8635cf293ad2498bfb43820d245d2c5ba8c8d08482805818c3bc223c157b18bd

  • SSDEEP

    12288:Z1Xcgjx1HsAy+pUUH1z4eqv8RHepscVKQSTADvjLN9rPWZ:Agjx3y+pUUH1z4V8NgVUALbrq

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2