Extracted

• • Target

    279479d7f8311dc31a6123bb46451795ae79864582bccee23e3262119a218f34.exe

  • Size

    790KB

  • MD5

    e87a53f8119728e8c0e5432276f1fbd9

  • SHA1

    617316663be1c8fe0a31d7e989ce7eae0a93e922

  • SHA256

    279479d7f8311dc31a6123bb46451795ae79864582bccee23e3262119a218f34

  • SHA512

    e02ea27617448d7193ed9f43cc0f93a68e1861bcb2697e0c0d069f9c3a83c93002ddeb9ccdb770a83f97cb590e6aa4f850951bde773a89caa68874418943b873

  • SSDEEP

    12288:asxTA6qNb5y7QsDzVlEcSqXbUsiaB3xeX2lfpuMtUzKVXPTt0uSax:lxs6koFzAcSS+aneX2lwMlVXPZMs

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2