General

  • Target

    Balance$600,000.45.exe

  • Size

    504KB

  • Sample

    230329-qsvlyaab2x

  • MD5

    8f39edd39047e00d9c57da146847da2a

  • SHA1

    b4f85d0261a447fcf0142f17afb48605019f6607

  • SHA256

    8746c847d9fed55204ba36ca9ebfd732b796cea613c1c13aa74ab64055e36cdd

  • SHA512

    9da939b7eca354c445c3de4890cce59d21cfd8eb1dbb76b7a49c6087557c4f8cd69265e6c66083ddc51dafde208e8009ed058739469426b91883b812c001d1ca

  • SSDEEP

    12288:mSdKLCsa+LufAY4mDeZhzrkGlF/lXbS3UjJ1bakZBao:VdK2sa1fAY4mSzAsF/xbgU11HZBao
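Before doing anything with the hashes above, confirm that the file on disk is the one this report describes. The following is an added example, not code from the sandbox or from the report: it parses the report's own "• MD5 / value" layout, hashes a file once in fixed-size chunks with all four listed algorithms, and reports which entries match. SSDEEP is omitted because it is not in the standard library, and the bytes hashed in the demo are a constructed stand-in, not the sample.

```python
"""Verify a file against the hash IOCs listed in this report.

Added example, not the sandbox's or the report's own code. Assumes the
report text keeps the "• ALGO" / blank line / digest layout shown above.
"""
import hashlib
import re
from typing import Dict, Iterable

# Copied verbatim from the General section of the report.
REPORT_TEXT = """
  • MD5

    8f39edd39047e00d9c57da146847da2a

  • SHA1

    b4f85d0261a447fcf0142f17afb48605019f6607

  • SHA256

    8746c847d9fed55204ba36ca9ebfd732b796cea613c1c13aa74ab64055e36cdd

  • SHA512

    9da939b7eca354c445c3de4890cce59d21cfd8eb1dbb76b7a49c6087557c4f8cd69265e6c66083ddc51dafde208e8009ed058739469426b91883b812c001d1ca
"""

# Hex length each digest must have; anything else is a copy/paste error.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# "• SHA256" followed by whitespace/newlines and the hex digest.
IOC_RE = re.compile(r"•\s*(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)")


def parse_report_hashes(text: str) -> Dict[str, str]:
    """Return {algorithm: lowercase hex digest} from report-style text."""
    iocs: Dict[str, str] = {}
    for algo, digest in IOC_RE.findall(text):
        algo = algo.lower()
        if len(digest) != DIGEST_LEN[algo]:
            raise ValueError(
                f"{algo} digest has {len(digest)} hex chars, expected {DIGEST_LEN[algo]}"
            )
        iocs[algo] = digest.lower()
    return iocs


def hash_chunks(chunks: Iterable[bytes], algos: Iterable[str]) -> Dict[str, str]:
    """Feed every chunk to every hasher so the input is read only once."""
    hashers = {a: hashlib.new(a) for a in algos}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_file(path: str, algos: Iterable[str], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file of any size without loading it into memory."""
    with open(path, "rb") as f:
        return hash_chunks(iter(lambda: f.read(chunk_size), b""), algos)


def match_iocs(computed: Dict[str, str], iocs: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison against the report's digests."""
    return {a: computed.get(a) == d for a, d in iocs.items()}


def is_reported_sample(computed: Dict[str, str], iocs: Dict[str, str]) -> bool:
    """True only if every listed digest matches; a mixed result means the
    IOC set itself is inconsistent (mistyped or truncated entry)."""
    results = match_iocs(computed, iocs)
    if not results:
        return False
    if any(results.values()) and not all(results.values()):
        raise ValueError(f"inconsistent IOC set, check the report: {results}")
    return all(results.values())


if __name__ == "__main__":
    iocs = parse_report_hashes(REPORT_TEXT)
    demo = b"MZ" + b"\x90" * 1024  # constructed stand-in, NOT the sample
    computed = hash_chunks([demo], iocs)
    for algo, ok in match_iocs(computed, iocs).items():
        print(f"{algo:6} {computed[algo][:16]}...  match={ok}")
    print("reported sample:", is_reported_sample(computed, iocs))
```

Replace the demo with `hash_file("Balance$600,000.45.exe", iocs)` to check a real copy; a partial match across algorithms should be treated as a transcription error in the IOC list, never as a collision.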

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Balance$600,000.45.exe


    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; early versions were written in Visual Basic .NET. It harvests saved credentials from browsers, email and FTP clients and exfiltrates them over SMTP, FTP or HTTP.

    • Checks computer location settings

      Reads the country/region code configured in the registry (the GeoID under HKCU\Control Panel\International\Geo), most likely to geofence execution and skip systems in unwanted locales.

    • Reads data files stored by FTP clients

      Tries to read configuration files of FTP clients such as FileZilla, which store saved server addresses and logins on disk.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, and infostealers routinely read those files to harvest them.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser data such as saved logins, cookies and autofill entries from the browser's profile directory.

    • Accesses Microsoft Outlook profiles

      Outlook keeps account profiles, including server settings and saved passwords, in the registry; reading them is a common step in mail credential theft.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
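The behaviours listed above are what a sandbox signature engine derives from registry, file and network events. The following is an added example, not the sandbox's own signature logic, showing how a simplified event trace can be mapped back to the same behaviour names. The trace is constructed; the registry keys and profile paths are the well-known locations each behaviour refers to, and the IP-lookup hostnames are assumed examples rather than addresses taken from this sample.

```python
"""Map sandbox-style events to the behaviours this report lists.

Added example, not the sandbox's signature engine. Event kinds and
targets below are a simplified, constructed trace format; the hosts in
the IP-lookup rule are assumed examples.
"""
import re
from typing import Dict, List, Pattern, Tuple

Event = Dict[str, str]  # {"kind": "registry" | "file" | "http", "target": "..."}

# (behaviour name as the report words it, event kind, pattern on the target)
RULES: List[Tuple[str, str, Pattern[str]]] = [
    ("Checks computer location settings", "registry",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Reads data files stored by FTP clients", "file",
     re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)),
    ("Reads user/profile data of local email clients", "file",
     re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I)),
    ("Reads user/profile data of web browsers", "file",
     re.compile(r"\\(Google\\Chrome\\User Data\\[^\\]+\\Login Data"
                r"|Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db))$", re.I)),
    ("Accesses Microsoft Outlook profiles", "registry",
     re.compile(r"\\(Office\\\d+\.\d+\\Outlook\\Profiles"
                r"|Windows Messaging Subsystem\\Profiles)(\\|$)", re.I)),
    ("Looks up external IP address via web service", "http",
     # assumed example hosts; not taken from this sample's traffic
     re.compile(r"^(api\.ipify\.org|checkip\.dyndns\.org|ip-api\.com)$", re.I)),
]


def detect(events: List[Event]) -> Dict[str, List[str]]:
    """Return {behaviour: [matching targets]} for every rule that fired."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        for name, kind, pat in RULES:
            if ev["kind"] == kind and pat.search(ev["target"]):
                hits.setdefault(name, []).append(ev["target"])
    return hits


def triggered(events: List[Event]) -> List[str]:
    """Behaviour names in report order, only those that fired."""
    hits = detect(events)
    return [name for name, _, _ in RULES if name in hits]


# Constructed trace resembling what the report's behaviours would produce.
SAMPLE_EVENTS: List[Event] = [
    {"kind": "registry", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "file", "target": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"kind": "file", "target": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"kind": "file", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "registry", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"kind": "http", "target": "api.ipify.org"},
    {"kind": "file", "target": r"C:\Users\victim\Documents\invoice.docx"},  # benign noise
]

if __name__ == "__main__":
    for name, targets in detect(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for t in targets:
            print(f"      {t}")
```

A single benign program may legitimately trigger one of these (a browser reads its own Login Data, a geo-aware installer reads Geo\Nation); it is the combination of several credential stores plus geofencing and an external IP check in one process that makes the infostealer verdict.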

MITRE ATT&CK Enterprise v6

Tasks