General

  • Target

    962f4765723a864922cbe7b67996faecd54a6eea02ec5f7e3368dcc6b0728576

  • Size

    378KB

  • Sample

    231205-v5brtadc8y

  • MD5

    0fdfe2791dc1f3378b2f4722753dafeb

  • SHA1

    9f4e4a990e6bee0744e51576d3f9dc3c96cb9dc6

  • SHA256

    962f4765723a864922cbe7b67996faecd54a6eea02ec5f7e3368dcc6b0728576

  • SHA512

    1f7fc277c1c22f1264085c0211c02b5ea79727622bf1422c5ceaa6b1678628f8d335f52dde4e0c27193201dcb008e8a7cbbed01d5c9d4719c838d9a8642acd01

  • SSDEEP

    6144:FVHsE6p7umpYGzXYQUebLrOrIw4xNGYfqxOH+oaIviPHc+k3iIecCb:FVHslamp3XYQX3Ol0QQH+/Iqpk2

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      962f4765723a864922cbe7b67996faecd54a6eea02ec5f7e3368dcc6b0728576

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that harvests saved credentials from browsers, email and FTP clients and sends them to attacker-controlled infrastructure.

    • Reads data files stored by FTP clients

      Tries to access configuration files of FTP clients such as FileZilla, which store saved server credentials on disk.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

      Writes a value under a Run key (HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run) so the payload is launched again at each logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process rewrite another thread's register state, including its instruction pointer. It is commonly seen in process hollowing, where a suspended legitimate process is overwritten with the payload before its main thread is resumed.
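
The behaviour list above is what the sandbox matched for this sample. The following is an added example, not Triage's or the page's code, of the kind of rule logic a detection engineer would use to turn such behaviour events into an infostealer verdict. The event tuples, file paths, registry value name and the set of IP-lookup hostnames are constructed for illustration and do not come from this report.

```python
"""Heuristic scoring of sandbox behaviour events for AgentTesla-style infostealer activity.

Editor-added example, not Triage's code. The event format, paths and hostnames
below are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Assumed set of public IP-lookup services an infostealer might query (not from this report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}

# Signature names mirror the report's behaviour list.
FTP = "Reads data files stored by FTP clients"
MAIL = "Reads user/profile data of local email clients"
BROWSER = "Reads user/profile data of web browsers"
RUNKEY = "Adds Run key to start application"
EXTIP = "Looks up external IP address via web service"
THREADCTX = "Suspicious use of SetThreadContext"
CREDENTIAL_READS = {FTP, MAIL, BROWSER}


def _rx(pattern):
    """Case-insensitive regex predicate over an event target (paths, keys)."""
    return re.compile(pattern, re.IGNORECASE).search


# (operation, predicate over the target string, signature it satisfies)
RULES = [
    ("file_read", _rx(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$"), FTP),
    ("file_read", _rx(r"\\(Thunderbird\\Profiles|Microsoft\\Outlook|Foxmail)\\"), MAIL),
    ("file_read", _rx(r"\\(Chrome\\User Data|Mozilla\\Firefox\\Profiles|Microsoft\\Edge\\User Data)"
                      r"\\.*(Login Data|logins\.json|key4\.db|Cookies)$"), BROWSER),
    ("reg_set", _rx(r"^HK(CU|LM|EY_(CURRENT_USER|LOCAL_MACHINE))\\Software\\(Wow6432Node\\)?"
                    r"Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"), RUNKEY),
    ("http_get", lambda url: urlparse(url).hostname in IP_LOOKUP_HOSTS, EXTIP),
    ("api_call", lambda api: api == "SetThreadContext", THREADCTX),
]

# Constructed sample event log: (process, operation, target). Not real sandbox output.
SAMPLE_EVENTS = [
    ("sample.exe", "file_read", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    ("sample.exe", "file_read", r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"),
    ("sample.exe", "file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("sample.exe", "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate"),
    ("sample.exe", "http_get", "http://ip-api.com/json/"),
    ("sample.exe", "api_call", "SetThreadContext"),
    ("sample.exe", "api_call", "ResumeThread"),
    ("notepad.exe", "file_read", r"C:\Users\victim\Documents\notes.txt"),
]


def classify_event(operation, target):
    """Return the set of signatures one event satisfies (usually empty or one element)."""
    return {sig for op, pred, sig in RULES if op == operation and pred(target)}


def triage(events):
    """Group matched signatures by process; processes with no hits are omitted."""
    hits = {}
    for process, operation, target in events:
        sigs = classify_event(operation, target)
        if sigs:
            hits.setdefault(process, set()).update(sigs)
    return {proc: sorted(sigs) for proc, sigs in hits.items()}


def verdict(signatures):
    """Credential-store reads combined with persistence, injection or recon is the infostealer pattern."""
    sigs = set(signatures)
    cred = len(sigs & CREDENTIAL_READS)
    other = len(sigs - CREDENTIAL_READS)
    if cred and other >= 2:
        return "likely-infostealer"
    if cred:
        return "suspicious"
    return "no-indicators"


if __name__ == "__main__":
    for proc, sigs in triage(SAMPLE_EVENTS).items():
        print(proc, verdict(sigs))
        for s in sigs:
            print("  -", s)
```

The rules deliberately key on the specific credential stores (FileZilla's XML files, Thunderbird's profile, Chrome's Login Data) rather than on the parent directories, so an ordinary application enumerating AppData does not trip them; the verdict then requires at least one credential read plus two of persistence, external-IP recon or thread-context manipulation before escalating.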

MITRE ATT&CK Enterprise v15

Tasks