General

  • Target

    baa8f36bbac74541c841caa0a891d8913224001d33452bcd735754b663e67bd2.exe

  • Size

    650KB

  • Sample

    231202-jeqx9sae65

  • MD5

    987a2dd36bf202de190bb71bdba080b7

  • SHA1

    3609ffe72f3982c9fc7a8199bcc2b9fb88f6771f

  • SHA256

    baa8f36bbac74541c841caa0a891d8913224001d33452bcd735754b663e67bd2

  • SHA512

    3a29940db9875c030b2ab9d9911ebbc6c0c64a1ca4037931eb38b023f16b70a609feceb95b243af5698ac9dc39320795ce6c857f537a5f4e9254332b13b237dd

  • SSDEEP

    12288:PHbA7SxtLLhNYWW8KBq/o0/mw9IvoOa4yqCL8Y3d00Yvog2aAFQR0/jkwNmopox:USvtZ4Y/CvobQYS0YvWAokeme

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive material.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks