Extracted

• • Target

    tyuerghj.exe

  • Size

    752KB

  • MD5

    1ae98135f3721f93c3627b8167e6fa50

  • SHA1

    c5eae06d96051b94cb6e0dabd0f40fed7384306d

  • SHA256

    e1ae0e66e2ad4ee07faec69a41c3aaf6982e5a5c6fe9af7403310c43519227be

  • SHA512

    64db93b80a24eb03104caaf778dd29d1a1592652b2d7f734f1e3e0ede89af5f1cafa627a756ec6fb63aa2e2cfa42ade6c6a9aa1e8dfff749275c19e6cb6e7565

  • SSDEEP

    12288:767B0v33ZJRDqzafmCu5ZjcVZaY2xtxDLQLBNwR2z3n8jUhRcOJ5cLc:76+v3RB+Cu5CZlutZLQLBNhn8j5y/

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2