General

  • Target

    Q&A session 1 RFQ-INDOM-2023-013 final.exe

  • Size

    603KB

  • Sample

    230705-pnwsrsdg5y

  • MD5

    af2ff31385848a9916f9f4c4a01fc0a9

  • SHA1

    efe3f9713eb8f8569f653e2549434e2309e44ea7

  • SHA256

    513b504d6939f1a106cf21f1f4029ab30c5f701fbcf63881b1a5df7466ed2eb1

  • SHA512

    78aba207ff31bf4582235130ffd47a82787487f4484c526fa3f2c3f10ee4c473b9daaad0fd957a7091e30b4fa15772dfe776616d67f9dc8835c3df34d9b98aa3

  • SSDEEP

    12288:PeyooR/t43XlNvAmYpTi1QDzS5xtbb9vOpgFA9:roQiXxMBzS5xtbIpmY

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET.

    • Reads data files stored by FTP clients

      Tries to access configuration files of FTP clients such as FileZilla, which can hold saved server logins.

    • Reads user/profile data of local email clients

      Email clients store some user data, including account settings, on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
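
As an added example that is not part of this sandbox report or of the Agent Tesla sample: a small Python check that correlates per-process file, registry and DNS events against the behaviours listed above, so that one process touching FTP client, email client and browser data and then querying an IP lookup service is flagged while a single hit from legitimate software is not. The event schema, the path patterns, the Outlook registry key glob and the list of IP lookup hostnames are assumptions; the events are constructed for illustration.

```python
# Added example (not from the sandbox report): correlate per-process file,
# registry and DNS events against the infostealer behaviours listed above.
# The event schema, the path patterns and the IP-lookup host list are
# assumptions; SAMPLE_EVENTS is constructed for illustration.
import fnmatch
from collections import defaultdict

# Lower-cased glob patterns over Windows paths (assumed locations)
FILE_SIGNATURES = {
    "Reads data files stored by FTP clients": [
        r"*\appdata\roaming\filezilla\sitemanager.xml",
        r"*\appdata\roaming\filezilla\recentservers.xml",
    ],
    "Reads user/profile data of local email clients": [
        r"*\appdata\roaming\thunderbird\profiles.ini",
        r"*\appdata\roaming\thunderbird\profiles\*\logins.json",
    ],
    "Reads user/profile data of web browsers": [
        r"*\appdata\local\google\chrome\user data\*\login data",
        r"*\appdata\roaming\mozilla\firefox\profiles\*\logins.json",
    ],
}
REGISTRY_SIGNATURES = {
    "Accesses Microsoft Outlook profiles": [
        r"hkcu\software\microsoft\office\*\outlook\profiles\*",
    ],
}
# Public IP lookup services (assumed list; the report does not name one)
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}
IP_LOOKUP_SIGNATURE = "Looks up external IP address via web service"


def _matches(target, patterns):
    """Case-insensitive glob match of a path or key against the pattern list."""
    t = target.lower()
    return any(fnmatch.fnmatchcase(t, p) for p in patterns)


def match_events(events):
    """Map each pid to (image, set of signature names it triggered).

    Each event is a dict with keys pid, image, type (file_read | reg_query |
    dns_query) and target (path, registry key or queried hostname).
    """
    images, hits = {}, defaultdict(set)
    for ev in events:
        pid, kind, target = ev["pid"], ev["type"], ev["target"]
        images[pid] = ev["image"]
        if kind == "file_read":
            table = FILE_SIGNATURES
        elif kind == "reg_query":
            table = REGISTRY_SIGNATURES
        elif kind == "dns_query":
            if target.lower() in IP_LOOKUP_HOSTS:
                hits[pid].add(IP_LOOKUP_SIGNATURE)
            continue
        else:
            continue
        for name, patterns in table.items():
            if _matches(target, patterns):
                hits[pid].add(name)
    return {pid: (images[pid], sigs) for pid, sigs in hits.items()}


def flag_infostealers(events, min_signatures=2):
    """Return pids that hit at least min_signatures distinct behaviours.

    One hit on its own is expected from legitimate software (FileZilla reads
    its own sitemanager.xml); several distinct hits in one process is what
    makes the pattern described in the report stand out.
    """
    return sorted(pid for pid, (_, sigs) in match_events(events).items()
                  if len(sigs) >= min_signatures)


SAMPLE_EVENTS = [  # constructed; pid 4321 mimics the behaviours reported above
    {"pid": 4321, "image": "Q&A session 1 RFQ-INDOM-2023-013 final.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4321, "image": "Q&A session 1 RFQ-INDOM-2023-013 final.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4321, "image": "Q&A session 1 RFQ-INDOM-2023-013 final.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\Thunderbird\profiles.ini"},
    {"pid": 4321, "image": "Q&A session 1 RFQ-INDOM-2023-013 final.exe", "type": "reg_query",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4321, "image": "Q&A session 1 RFQ-INDOM-2023-013 final.exe", "type": "dns_query",
     "target": "api.ipify.org"},
    {"pid": 900, "image": "filezilla.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 888, "image": "explorer.exe", "type": "file_read",
     "target": r"C:\Users\victim\Documents\notes.txt"},
    {"pid": 888, "image": "explorer.exe", "type": "dns_query",
     "target": "www.microsoft.com"},
]

if __name__ == "__main__":
    for pid, (image, sigs) in match_events(SAMPLE_EVENTS).items():
        print(pid, image, sorted(sigs))
    print("flagged:", flag_infostealers(SAMPLE_EVENTS))
```

With the constructed events, pid 4321 triggers all five behaviours and is the only process flagged at the default threshold; filezilla.exe reading its own site manager file scores one hit and is left alone. In a real deployment the event source would be a Sysmon or EDR feed, and the pattern lists would need to cover the other clients Agent Tesla harvests rather than the handful of assumed paths here.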

MITRE ATT&CK Enterprise v6

Tasks