General

  • Target

    4d5a294aca53f604a1773d3d05a4c849e7aa5d08e48b62359da64ebcd22bc8c4.exe

  • Size

    886KB

  • Sample

    231204-v98mcaea65

  • MD5

    7917fbaf428ac4ee4438cc06959108d7

  • SHA1

    db4f83927ed86ba1331271ee8194a35ffddbb2df

  • SHA256

    4d5a294aca53f604a1773d3d05a4c849e7aa5d08e48b62359da64ebcd22bc8c4

  • SHA512

    5006f7c6cb4a3d2d068439aaf77f8dd08d4bcaa499e1873543ae36d47b925beefff0911bb1dbe712c92e66114124681d4663c1a180669eba31f633bb05e72ab2

  • SSDEEP

    24576:nCCCCCCC8CpCPCCsCCSes9zKDu2X/GIPsxC1E:NdIlXJPsxCS

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks