Extracted

• • Target

    dd94c4c0dd46a40cb71f1b59b079577c8a4f6e4a1df88533d7edfea19099729c

  • Size

    391KB

  • MD5

    2d6edf232ef2f4e9ac72de52b4b4efa5

  • SHA1

    2bbfb909e4e3bb1a1518e973afec5b587b59e426

  • SHA256

    dd94c4c0dd46a40cb71f1b59b079577c8a4f6e4a1df88533d7edfea19099729c

  • SHA512

    90cbe6288b682f688accd8a7493202d26f8a8614bc5a5bdc19743a4b8570bf7dfc47a1496f6fea759ba2319f2744e8bf17cdd6d859723cfee7ae3a4a2488c32e

  • SSDEEP

    6144:/n1m9kdbQS6vsB3qfLWnNnBkbE9UX3rhnpC3quvmb6SrnV3LYpMMAI:/OeuvsB351Bkr3rh9b9hr

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Abuses OpenXML format to download file from external location

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2