Extracted

• • Target

    WP455-25.exe

  • Size

    149KB

  • MD5

    9a744c66895c785a7a01a00a1b721d93

  • SHA1

    f894b9f7f5c27cb1ad343fc8148471fd3257b418

  • SHA256

    0a4e71d138b64a3b8b5b1e99b662536590a48e0bd1a993cff6a4dd98dd84f6cd

  • SHA512

    ed1ffd4a4fa61130d8293fcfac08a33a0de65fee79e401d7a2e8a7f496981b00c883209ba00f88e6371ed68629ce952a35d45f59fa199896378e66a93eabf351

  • SSDEEP

    1536:Fn3pxzkik14W//Ip9AxTp3q+ova+fVM/nvCcl0ifty5fRSQ4IurEb:hp5DG/SAxT8+ovbm/n6PiF0RHurEb

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Drops startup file

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2