General

  • Target

    90d9c203070aa9ee80dce9132414862bf917326d61385c98a05e21e44ef5c349

  • Size

    164KB

  • Sample

    230607-vtl4eaea6w

  • MD5

    0078dcf029269f5ef4788fadb3926337

  • SHA1

    2f4fc93c041722aa3bac71a2399ae4a704334ed1

  • SHA256

    90d9c203070aa9ee80dce9132414862bf917326d61385c98a05e21e44ef5c349

  • SHA512

    920732dcd6fb583e9c90f045e4e07719d087407e482bb53f877859d806bcdc1623a554c796997153f98c12877a74134490e7cb0721b95a94a6c1ec52e9b63cc8

  • SSDEEP

    3072:JisUOGkFO/t7EVE+OsfAijH/MYK2IOAQAuW6scPhe:tGUONEVE+OsfHLvIOCtc

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks