Extracted

Extracted

• • Target

    1c6dffa90d393fdcc2db9e1cf8af2c557129bb4afadb04d87969ad3edd10ffc3.exe

  • Size

    680KB

  • MD5

    967eb9fa0ce5f1ec2b6b132728fc6e07

  • SHA1

    58d29f3b5463467cfd666b8b1b79bbec930f0d66

  • SHA256

    1c6dffa90d393fdcc2db9e1cf8af2c557129bb4afadb04d87969ad3edd10ffc3

  • SHA512

    6960fe8f82db6c3e020be07fc6147361c8ba4966293c761255156bd6e32025d203290f3c39d535dde60078addd9cc99f461adc793605a28f996331cd6f829ad1

  • SSDEEP

    12288:tCIEJjIu1KPsUDMy1+TiReOE1rUxsLINxW/9AFItaGeGQwmEBK:7EJHKPrWiRMV0Ne9A6sdGQwmEc

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2