Extracted

• • Target

    47ed88823536ce7e042463d77c5bf6a99b27fe796df40b72c7dce920bfc947fb

  • Size

    759KB

  • MD5

    b57997c4724b988c46d1d279b02b14b0

  • SHA1

    a1574cdb43c992003ee29c7dddf204104ff9a11b

  • SHA256

    47ed88823536ce7e042463d77c5bf6a99b27fe796df40b72c7dce920bfc947fb

  • SHA512

    afcf5f020ff36175feb7035c2ec4d48e22ee375c212c665b54ef49614abd2b761a3a2fc77a484561e1d268e90ac9af17cb3b6ccd2fd7b6ef2272addc1247c03a

  • SSDEEP

    12288:JuHkmFx2iqNhujGjUEg7iFC9S48smFsmuM15MTGuGOyHeKxIf2TV2C3T3ZiNXEjb:MEmFxU2UG/mFsmTzMTjy+wIf27FLggXr

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1