General

  • Target

    8bc2d2a8e99fdf12dabed46d100d94d357e064f307718087591e9858c840a1c3

  • Size

    749KB

  • Sample

    231012-md9wjaeh27

  • MD5

    1f7ecd39b8e260c1e2619dc152b0166d

  • SHA1

    c80687bf98fcbe2d677621d4a5670d73ea643d11

  • SHA256

    8bc2d2a8e99fdf12dabed46d100d94d357e064f307718087591e9858c840a1c3

  • SHA512

    9d6c9cd7b982ef8867592c799409d96fa25b0adfba0945b1561be44a7ca1fc4b85e05ace74c31b5cf63694d9a24a825163dad3e5b6730aa0f95a0bfcfaba7b58

  • SSDEEP

    12288:5/dL6yiRJU/Wc4JtAJkelSxPGjW5nXi5d5BZ/Ndd7cm9kOUWJYFe9yh:NJBFenfEk0SSW5XaL/N7c+lYc9

Malware Config

Extracted

Family

agenttesla

C2

https://discordapp.com/api/webhooks/1151596988136181840/QdgulOKX9Onw_VaSQk6b3c5Sm7_Mt-0_huxqLUgO5ybBxQL_jiC6-2Afk2vAsJOZSANp

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks