Extracted

• • Target

    TT application copy.exe

  • Size

    603KB

  • MD5

    dda7e4b341b33adf67b9215c642ab9a3

  • SHA1

    d5d2a4ca9cf25f3d8de44d30f317927f1d23bba2

  • SHA256

    3eff8258ac6c696c721f2f69d9d233a026dfff9ffadeb7a7be42ae4abdae2aef

  • SHA512

    9ccd783bc47399729ead2b3ff4aed3ba3d7ff4804583c443f9058419530af98ad4f2fc9af329b8425db40e288b5ff90fc0c814748768e9f2766ca516ce4506f8

  • SSDEEP

    12288:km3+qtF766Nz5SQAkZbF5qtUhHHd57fubggC66zNOc:v3+866BnAkdF5qtUhdBfkgl3

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2