Extracted

• • Target

    rPO11052021pdf.exe

  • Size

    562KB

  • MD5

    7cf8b56f386d4e5647cc183d3bf844ae

  • SHA1

    b56186519856d5b039f594753f73f98f8d11ca7a

  • SHA256

    67089c843e95ec299c4d88771c249e4a71ce9486eaee4cfc3bcf29550b503ebb

  • SHA512

    508b4bcae246515fc914078a24f9e29739963f1c06c3c843ee77deb92713429de6d52f7976073836e883a8d0efea40cb443cf0818920b4c6185e4ae78067aa7a

  • SSDEEP

    12288:RPsi2nAtAiJ29KjnwAqBaAYbR4p2uf4a6YINz:hsZFiJBjnaYbmp2uf4apI

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2