General

  • Target

    0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d

  • Size

    733KB

  • Sample

    231206-be85vahf67

  • MD5

    94814f9b52f79d0ce846383438eabc8a

  • SHA1

    138f147b860b3a580ab69d4a94d00ca4a0a65d1a

  • SHA256

    0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d

  • SHA512

    b6f33bfd22aac0f44c187cdaea5eda73fe0d726d26f4ad5e08c03a2d5601cddb21a93248c71b97f55be1c2ef4b490d2d32364a9a26aba63834829d4611af7103

  • SSDEEP

    12288:wV5nF8ME6jD/A9qL/C4Wg3yu5ZF1EVEMtWik5v28B7DaYIgc2k5Y:wVPtD/AcLBWpu5ZXEVJtu5+8B7Dhg/5Y

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6695508500:AAHkexS5oB1E5lJkAEKZx2DzV7hRPW1U52k/

Targets

    • Target

      0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d

    • Size

      733KB

    • MD5

      94814f9b52f79d0ce846383438eabc8a

    • SHA1

      138f147b860b3a580ab69d4a94d00ca4a0a65d1a

    • SHA256

      0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d

    • SHA512

      b6f33bfd22aac0f44c187cdaea5eda73fe0d726d26f4ad5e08c03a2d5601cddb21a93248c71b97f55be1c2ef4b490d2d32364a9a26aba63834829d4611af7103

    • SSDEEP

      12288:wV5nF8ME6jD/A9qL/C4Wg3yu5ZF1EVEMtWik5v28B7DaYIgc2k5Y:wVPtD/AcLBWpu5ZXEVJtu5+8B7Dhg/5Y

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks