General

  • Target

    dfb68130df0836d5b3de13e8a51a9af8946e026923f7d7babfca446d4fdb5b5f

  • Size

    987KB

  • Sample

    231206-cvy59aac76

  • MD5

    3efafe24f34c1b1b7f0c39943a6327d1

  • SHA1

    3c8cfac5575c18d9ffe4a181a629d4c666c77e2e

  • SHA256

    dfb68130df0836d5b3de13e8a51a9af8946e026923f7d7babfca446d4fdb5b5f

  • SHA512

    20693c27ccfdfe86ef213148ab994b72c5f3dd179d60dcb72fd0eb1af9893c02cc228d13b3ca6866550ea047662ddc6cfe6532dced9c866bb536079fa93e4a0f

  • SSDEEP

    12288:GUe1E6jD/0LyZX6NsR4hu9rGJ31I+iZxMAW/7AKrm3BTPFhW0fbgndK41155opoE:pe1tD/PZX6nhy031IL7xHJ+Q41Ve

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://discord.com/api/webhooks/1178979343360348200/8srcyWnVPB1bU5zRmsxn6NwwB7kc8tq5vYwH3zqeKSI4TK9S5wTPqoF5Rmm0xCs7rA6A

Targets

    • Target

      dfb68130df0836d5b3de13e8a51a9af8946e026923f7d7babfca446d4fdb5b5f

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks