Extracted

• • Target

    QiHu2b7HMHafiPp.exe

  • Size

    1020KB

  • MD5

    15ff9955368f9c4b2e5042bcccf84331

  • SHA1

    42243d2d6cf54f11021262cf46346088d33e602b

  • SHA256

    61c75c0d5321db299e58bf919860e9afa4471e4e97dddd00fad6a761cdd0a61e

  • SHA512

    4ef8c0c79aa843a5d3c0f2acc34c1f6686ac68e8105134d5d354362cd7db55908a9ce1814e913001d17044689e16e39e91ff3e6f0abe12c10c0a3a0c30d0701b

  • SSDEEP

    24576:ryr5/47m5E+8sFDi0HSLwQ12g0Wli4xj:ryr5/4sFjSR2g0WM4xj

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2