Extracted

• • Target

    HBL-TXCEB221133921.exe

  • Size

    924KB

  • MD5

    8cc30536cf5cb034f58101ac6c5d5f30

  • SHA1

    eb4d6e97c32801948b80952311a38a34552f5e7f

  • SHA256

    f2dd1ea5092a534e3f8a79a21fa0e46da7d5d3a0a71b9945a7c6278c0431b79e

  • SHA512

    c42ae9b32097e3a1b00125e365e730cbe26eff4a53c3254d44cc68a06aa2a8eedea01855831519a13eb1f8db954d475dc0036c29dce43571a60de5f6062c2804

  • SSDEEP

    12288:FaS45nJrTmHkFrVr/9qvDGB9HEvhACmUQ8gneXQjWl2aaqnm:oS4PkkFrjqvDPqlneXQj7im

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2