General

  • Target

    23343100IM00270839Dekont1.exe

  • Size

    1.1MB

  • Sample

    231205-vbz8bada85

  • MD5

    9d30f25b8c61a1736d7296f65b5ddba0

  • SHA1

    6c5cf22f6f581e278109b7aa79af945835dcb490

  • SHA256

    f0a807ee5a09035670ebd38dd8dcb584f9af0f51f3ae072791f61db7766d6689

  • SHA512

    c87dc3b875758ce744ee2f6a57c8e859898bcca86bc47e5a357df1609ecf31cb709b52246ef019d69ee3a1b0ae12a98d9d132423fb0826b14408d73a766507a6

  • SSDEEP

    24576:11bPKtD/61IyUiFBKL4eryD2Tfckv4B/:W6KyzBKLzbfczJ

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1180973542540595330/m_7J6uu_CMPrtrs2YMplijNrEiqTgPX6W-unyecPj4ZytCZyLySJdPC12_vkfdwQicTt

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks