General

  • Target

    delivery order document.exe

  • Size

    645KB

  • Sample

    231016-qvn7yahd62

  • MD5

    b4ab04b941bc4ef3242d505a3d8923a2

  • SHA1

    51ad62a2341044f38ff35bd12968df65e64d8da9

  • SHA256

    a6608ce0f39cb1ee560bfdf8d7e421b093169b36c5db03b1a77be8296a6736ee

  • SHA512

    9073c8b87f267d034cb49528cdf759ae590ca42c195bacab138942dedddf68b81f870dd17e9187239e18aae4b56b32a1706fbe6b71fcd5c23e976f98bba8defd

  • SSDEEP

    12288:OzfqBuzDQiUUIXavawupz1DCGfd7TTIYpkaK1Hpp2ggjyLQUK:OT6iT9qJfd7QYKaop2g5q

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks