Extracted

Extracted

• • Target

    927273f7e580438d982ad6a4d7d354f9ccc7ed54b549595a8083e32e81baa500.exe

  • Size

    701KB

  • MD5

    026a36df02261bbaef89af87b33f7be0

  • SHA1

    2bb47544134683f75cea0167ac6b59524df7cd50

  • SHA256

    927273f7e580438d982ad6a4d7d354f9ccc7ed54b549595a8083e32e81baa500

  • SHA512

    563c1ab724cc13f26c51b6199e8bf02fba137f0d020198402aac685807511238b1bb27dee48b5fed8fbb4c7d4bfa36f757f404bf5ac0e17172405c1c2f67fa24

  • SSDEEP

    12288:Stp1E6jD/6o8W4hFp7xbSrVymfn4FkDvzP4PpBppCZDOGt2xhxopox:Qp1tD/6osjNbQfn4uzgPDpQ5tyhxe

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2