Extracted

• • Target

    2cd8bNI2Q8OjPmz.exe

  • Size

    981KB

  • MD5

    3de07ffe868ada1a96711d2b4220e5c8

  • SHA1

    743995cb278684b37e915910149078e87c57359e

  • SHA256

    346bcb7c4e51ec2d4555b72eac33096db6e58f3290d3c0c9e26b6e516912fafa

  • SHA512

    902aaf0e52baaf6fda66e167acf03ee8bfe54d1479cede44c898142f35b271ea24b915908a87ee5e44cee16117ebaa9ab1b591fc5e508afb296842747c605a7f

  • SSDEEP

    24576:Og9btzessOwlK4MbRzq3Y/ZUqMuO7tpXATRY4BY:Ogi5JMhq3Y/ZUr/XWY

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2