Extracted

• • Target

    CONTRACT NO NSDA056 YH2301_Ergun machines.exe

  • Size

    667KB

  • MD5

    7439e6bf045b2d72e432cb0cbdc66657

  • SHA1

    bd3383cc791aaa1957c4d734be6ff9d5516c425e

  • SHA256

    80cc7d6a260ad6c2c0c88ddc2160f78941eefeacb6c4445de87fb47d24555520

  • SHA512

    14ea36ca289f7f05e4570f062f25bf50aab338209aa724134523093d5a02827d2523fe22503079bb3692e9dc81a4e24df6f9b0197b837cd24dfe52bd6db43d2d

  • SSDEEP

    12288:PsxxolENV0cikeE2eZenpFhplkSnhvEO8XnLRi57:PGb/pZIHDhs5L

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojancollection

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2