Extracted

Extracted

• • Target

    203b77e03c015bb3e23cf818bf31827a.exe

  • Size

    729KB

  • MD5

    203b77e03c015bb3e23cf818bf31827a

  • SHA1

    0b2d8c7e724bd69287a0cbdfc763cd1a448caed3

  • SHA256

    b3a5d73b31d152222ab912e63ee126814f3c5c3fdcbdc50ad6772bc6bc867c7c

  • SHA512

    d61f118ce0a4d79b4a6f6fbe8a9d4d5ad08ace1963dc7810f3a53a1d9032bb191c4256792b82c1a49625609286defbb1b5b03bbf31a97fdf3b5e11e3fd9a1028

  • SSDEEP

    12288:sdfSRtw2lq3Pal3ZmtWbMMAM5JhXX+uDmtqKz5IXEJUXQ4hu3a58:st2lq3yNMtczJhXX+uKtqK5biXQ/

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2