General

  • Target

    3adbcfa900364fea063868cc98203914a5415b75408e02883b2c22ab365ea5be

  • Size

    839KB

  • Sample

    230515-c4wfqaee33

  • MD5

    6384f3e0bd73c43f2e957f96ec37f40d

  • SHA1

    0e3ac56cd81df4115905637ea8b23f1e67333640

  • SHA256

    3adbcfa900364fea063868cc98203914a5415b75408e02883b2c22ab365ea5be

  • SHA512

    93a2b19f6453e99477323d35d5ecd814468271db4ec7875d4c544f56a39b9f491323af02c14f466fd7a18aacb2745ba6a1eb10fd14cf96280142af42509009f7

  • SSDEEP

    12288:Es8y9maPEQ3OSuzqHu2FdypalrJBKNqk7AP9Tkb+mmhBQLT60UVnamOKD:E8MMypalHZQP60ALOu

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot5818759233:AAFI7OlL_xF1C_H7nxAtSweMNNwegCdZOXs/
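The C2 above is a Telegram Bot API endpoint: the URL path embeds the bot token, so the same string that identifies the C2 also gives whoever holds it control of the bot. The Python below is an added example, not part of this report or of the AgentTesla code; it parses bot-token URLs out of web-proxy log lines (in a constructed line format), flags the token extracted here, and redacts the token for sharing in tickets. The assumed token shape (numeric bot id, colon, 35 URL-safe characters) is an assumption about how Telegram issues tokens, matched against the value in the report.

```python
"""
Detection helper for the Telegram Bot API C2 extracted from this AgentTesla sample.

Parses bot-token URLs out of proxy log lines, flags the token seen in the report,
and redacts the token for safe sharing (the secret part of a bot token grants
full control of the bot, so it should not be pasted into tickets or chat).
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# C2 URL as extracted in the report above.
REPORT_C2 = "https://api.telegram.org/bot5818759233:AAFI7OlL_xF1C_H7nxAtSweMNNwegCdZOXs/"

# Bot API URLs look like https://api.telegram.org/bot<id>:<secret>/<method>.
# Assumption: <id> is numeric and <secret> is 35 characters of [A-Za-z0-9_-],
# which is the token shape in this report; adjust if Telegram changes the format.
BOT_URL_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})"
    r"(?:/(?P<method>[A-Za-z]+))?"
)


@dataclass(frozen=True)
class TelegramBotC2:
    bot_id: str
    secret: str
    method: Optional[str]  # Bot API method such as sendDocument; None if absent

    @property
    def token(self) -> str:
        return f"{self.bot_id}:{self.secret}"

    def redacted(self) -> str:
        """Bot id plus a short secret prefix: enough to correlate, not to abuse."""
        return f"{self.bot_id}:{self.secret[:4]}..."


def parse_bot_url(url: str) -> Optional[TelegramBotC2]:
    """Return bot id, secret and method from a Bot API URL, or None if it is not one."""
    m = BOT_URL_RE.search(url)
    if m is None:
        return None
    return TelegramBotC2(m.group("bot_id"), m.group("secret"), m.group("method"))


# Token from the extracted config: the value to block and to search historic logs for.
REPORT_TOKEN = parse_bot_url(REPORT_C2).token


def scan_proxy_log(lines: Iterable[str],
                   known_tokens: frozenset = frozenset({REPORT_TOKEN})) -> list:
    """
    Scan proxy log lines for Bot API traffic.

    Assumed (constructed) line format: '<timestamp> <src_ip> <http_method> <url> <status>'.
    Returns one dict per hit; 'known' is True when the token matches a listed IOC.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, src, _http_method, url, _status = parts[:5]
        c2 = parse_bot_url(url)
        if c2 is None:
            continue
        hits.append({
            "ts": ts,
            "src": src,
            "bot": c2.redacted(),
            "method": c2.method,
            "known": c2.token in known_tokens,
        })
    return hits


# Constructed sample log: one legitimate site, one hit on the report's token, and
# one hit on a placeholder bot token that is not an IOC but still deserves a look.
FAKE_SECRET = "A" * 35  # constructed placeholder, not a real token
SAMPLE_LOG = [
    "2023-05-15T10:41:02Z 10.0.0.23 GET https://www.example.com/ 200",
    "2023-05-15T10:41:09Z 10.0.0.23 POST " + REPORT_C2 + "sendDocument 200",
    f"2023-05-15T10:42:30Z 10.0.0.44 POST https://api.telegram.org/bot1234567890:{FAKE_SECRET}/sendMessage 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on the api.telegram.org host alone is noisy wherever legitimate bots are in use; match the token, or alert on any bot-token URL issued by a process that is not a known bot client. Searching historic proxy logs for the bot id is also a quick way to find earlier victims of the same operator.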

Targets

    • Target

      3adbcfa900364fea063868cc98203914a5415b75408e02883b2c22ab365ea5be

    • Size

      839KB

    • MD5

      6384f3e0bd73c43f2e957f96ec37f40d

    • SHA1

      0e3ac56cd81df4115905637ea8b23f1e67333640

    • SHA256

      3adbcfa900364fea063868cc98203914a5415b75408e02883b2c22ab365ea5be

    • SHA512

      93a2b19f6453e99477323d35d5ecd814468271db4ec7875d4c544f56a39b9f491323af02c14f466fd7a18aacb2745ba6a1eb10fd14cf96280142af42509009f7

    • SSDEEP

      12288:Es8y9maPEQ3OSuzqHu2FdypalrJBKNqk7AP9Tkb+mmhBQLT60UVnamOKD:E8MMypalHZQP60ALOu

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with FTP clients such as FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Overwriting another thread's context is typical of process hollowing and similar injection, where a suspended thread's entry point is redirected into injected code.

MITRE ATT&CK Enterprise v6
