General

  • Target

    846eb391b3c954776e1fed7d77fceb17.exe

  • Size

    187KB

  • Sample

    230515-hcbvwshd8v

  • MD5

    846eb391b3c954776e1fed7d77fceb17

  • SHA1

    367a8e5bd925ab237b55cc757281110c8ac6c106

  • SHA256

    1eff050baff83ae24c33483e5d79a58d2ca3370b8716332ac88c1c704338c3b1

  • SHA512

    05f96f92a9aa7c58dc5f41632437d5f913be0d9ae1c46287b236c4b46dae9040db75bb1d52b1bf19f514c501c31b4223c1856f45bc4227c109dee1e448243a64

  • SSDEEP

    3072:3fY/TU9fE9PEtu0bsRKJRSeuLK4/bnmH6khiS5ACzdCqWqHjcgi18+vnV6ZYEEbQ:vYa6I5nzun/bhhS/dtHjQ9vV6CL8

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks