Extracted

Extracted

• • Target

    a3bf4067de0bab2eb1fbac9387dee051.exe

  • Size

    551KB

  • MD5

    a3bf4067de0bab2eb1fbac9387dee051

  • SHA1

    e64101fca02a7f17dcf949c8c8f1bd8e3b728146

  • SHA256

    d3863329490232ec4baedef01a781ba4f7e5053c9fc0cf6a7b5a904447662888

  • SHA512

    497cbdb7a6076e333882bf1a0bcb513d2b0a3851fe5198f7b1eb10b733d9703d22cdb7c435b9bf30b9bca8c70cc6bc52af1b5775eb9de8530b20b8203268cf63

  • SSDEEP

    12288:LJRWzaxwecadQGGU3ydB/v2Ns0enoT7vJfcUvb:7WzO4UiSNVenkv

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2