General

  • Target

    18d6a7766721121d4b54f2b5eef76e17.exe

  • Size

    695KB

  • Sample

    230918-s8shmacf99

  • MD5

    18d6a7766721121d4b54f2b5eef76e17

  • SHA1

    2395e0a5b3980f283eaffee8302d8581dbdc6175

  • SHA256

    e1453fb8c21b01fc95b2441e260e982516915d11c34c6e25f5208c173bed72df

  • SHA512

    79982597e6b0c3d5b95745326d9be7203ccb66b2d7165b7c534f6fca49baeef5b9613d0d94f1196d5aadf294e152e0352b10f19330528e7d85f8894d54b090b8

  • SSDEEP

    12288:XAfDuHOX+J+hlsYlt36ENuaxdPZcafD3uGw0PYNDWA2P01oDbJDAkqJaf6RMQZkg:XgkJ+hOYl5NuaxdRceulkYxWJ0YJMtP

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      18d6a7766721121d4b54f2b5eef76e17.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks