Extracted

• • Target

    sc0pe_carved-0.exe

  • Size

    720KB

  • MD5

    f61bfec08b5fbed4e4721f681b83e4da

  • SHA1

    5ee88ab9e81bec93237b0334b754bda9d1cf8d0c

  • SHA256

    c5b6985cc8e63c04d1ee674684e6362353c00002fdfaff33e15affae9c005b00

  • SHA512

    a652f4712995bd67f679f445d8789885abe70d0d9a1194360f3aeae4e43fcef225dca6dc0dec37e95f5da440869b96fb288917bbbef3350fed0e5fe1cef51db2

  • SSDEEP

    12288:pA5WIPr4zID/KFICxATrPsbmC4Fl3eSY7JHVEjxxXNYb8sxf:+iCHS4FRGHCjvMNl

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2