Extracted

• • Target

    ohoyecaysj4799.exe

  • Size

    636KB

  • MD5

    0d8538ffcc2992e867d5da447af1bef6

  • SHA1

    be43896187e71eef6f463f407aca1007495c4628

  • SHA256

    f4e9e61847bf9d01a5249071cbe12827cdc1c5fdae59cbd2e11719c5dfde937c

  • SHA512

    35ee84b60aba711d7e0cc39c5866c0072a1ed091ed8925568da252b85f1a049004b66cccf48d9704a9a4173352bbfece216897e9d4491aa499dec9bd360e509b

  • SSDEEP

    12288:N2iNa9S9DnuFtiYs1PvvysZsBC85i7Du5sHqus0nIaA:N1I9iDuFtzAPvvM885KDu5sK0In

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2