Extracted

• • Target

    SKM-7088.exe

  • Size

    715KB

  • MD5

    5b7ea5a8e579fa9de99ab8812a8cf5c3

  • SHA1

    2b321d8502b001fa3b04a38f9d1faf9146a1389f

  • SHA256

    391d6c12f39cc9f83c7ec77261409e9168c9c21d8bf90288c5c9d5541ba2cf18

  • SHA512

    e1e4b706b121e78d4236d32fa6c85e48fd33edc7f4b8066b50cae2ed335a73b51bb4e936f0284f5264f51d7ab1ce0da9c62e91f29d9ec56fc1ca51f1ad852032

  • SSDEEP

    12288:ywdIjyqz4/kr1Nx6SL88KB0EyG9+f+O9/HP6Tvw3:F7/kRzo8KB0vg+z9/HCw3

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2