Extracted

• • Target

    N DOCUMENTS.exe

  • Size

    1.1MB

  • MD5

    440faaa42ef0d21bd30d04585880605f

  • SHA1

    1f285bac25369f93edde9d6077af7ac81e86edb1

  • SHA256

    5c4936b5fb84ffef88404aa02b889bd1bb3edb999e70d7b3a1fd179c6fef96ac

  • SHA512

    110be6b3ed1ca2412c7122b73fd22b3b9807649b382469d017284a39b2fb1bbc502bacf1542873cb977a90048b03504ba079c49453216bb5b7acd9a75f667f2c

  • SSDEEP

    12288:/ndw0fWL//kwmoPdNKPvnAEkIrmLLyoVyXPyH32hQyiqwUqAlL1WTw9U:VtfWLnkwnmPAEbrmqPmsuSqtw9

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2