Extracted

• • Target

    0e3e3e0efeb0205d2b62abf3d.exe

  • Size

    308KB

  • MD5

    0e3e3e0efeb0205d2b62abf3db782ef6

  • SHA1

    42dc080b640b25c9c636f99f4aa59581e3c1b164

  • SHA256

    e614f0c45b47ae3861628f9b915e50d283c1d6ccca43ec906d7f5376ea024bca

  • SHA512

    f327130b84032e7276f13328464264f4da8392346a552cdd5b8fac688d9a1b60f240a86676d443bc6a79fa341887b1789443e9c9be74000fa403fb7f61e42821

  • SSDEEP

    6144:MfArwo8dTRKUVxxBi38ZQghaM7geoxG4GOM47YPRyds:M4rwo8HK+xi3wQq7SxG4/BYP

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Drops startup file

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2