General

  • Target

    6a12664a1e6175f01db3a563cfed56eefb889cc03d8d909e70f700ef2451d7d3

  • Size

    803KB

  • Sample

    231206-drgbpsaf57

  • MD5

    e85252cf778cac3232c28a1394caa183

  • SHA1

    aac2865bfaf52511c4f0a1128937962b040ee09b

  • SHA256

    6a12664a1e6175f01db3a563cfed56eefb889cc03d8d909e70f700ef2451d7d3

  • SHA512

    7b57bc1eab32bcc239bea531412952735a7e409df9cbf3a4245aaf890906be24aaa927fd493911b2b7a4d3ebecd911757e57f021ccdb53517e0f570d753e6a81

  • SSDEEP

    24576:bRKtD/61IIeSNzgvzU48rt+NlF0v86BKqn8:w6KbSNzgLz2t+XF0E6BKD

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials from browsers, email and FTP clients and exfiltrates them, which is what the behaviours below reflect.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution (abort or change behaviour in certain regions).

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data (account settings, saved passwords) on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a suspended thread is the usual last step of process hollowing: the entry point of a newly created (often legitimate) process is redirected to injected code, so the stealer runs under a trusted process name.
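The signature list above is what a sandbox emits; the same logic can be run over your own endpoint telemetry. The following is an added example, not Tria.ge's or the sample's code: it parses a constructed trace of registry, file and API events and maps each process onto the behaviours this report names, then flags the combination of credential-store reads plus SetThreadContext. The event format, the process IDs, and the registry and file paths in the rules are assumptions chosen for illustration (typical locations for locale settings, FileZilla, Thunderbird/Outlook and Chromium-based browsers), not the sandbox's internal signature definitions. The hashes are the ones listed on this page.

```python
"""Added example (not Tria.ge's code): map a constructed host event trace onto
the behavioural signatures listed in this report. Paths, the 'pid kind object'
event format and the process IDs are assumptions for illustration."""
import re
from collections import defaultdict

# Hashes of the sample as listed on this page, usable as file IOCs.
SAMPLE_IOCS = {
    "md5": "e85252cf778cac3232c28a1394caa183",
    "sha1": "aac2865bfaf52511c4f0a1128937962b040ee09b",
    "sha256": "6a12664a1e6175f01db3a563cfed56eefb889cc03d8d909e70f700ef2451d7d3",
}

# (signature name, event kind, regex over the event object).
# The paths are assumed typical locations, not the sandbox's own rules.
RULES = [
    ("Checks computer location settings", "reg_read",
     re.compile(r"Control Panel\\International\\(Geo\\Nation|LocaleName|sCountry)$", re.I)),
    ("Reads data files stored by FTP clients", "file_read",
     re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I)),
    ("Reads user/profile data of local email clients", "file_read",
     re.compile(r"\\(Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)|Microsoft\\Outlook\\)", re.I)),
    ("Reads user/profile data of web browsers", "file_read",
     re.compile(r"\\User Data\\.*\\(Login Data|Cookies)$", re.I)),
    ("Suspicious use of SetThreadContext", "api_call",
     re.compile(r"^SetThreadContext$")),
]
CREDENTIAL_SIGS = {name for name, kind, _ in RULES if kind == "file_read"}

# Constructed trace: one process (pid 4120) behaving like this report, one benign.
CONSTRUCTED_TRACE = [
    "4120 reg_read HKCU\\Control Panel\\International\\Geo\\Nation",
    "4120 file_read C:\\Users\\u\\AppData\\Roaming\\FileZilla\\recentservers.xml",
    "4120 file_read C:\\Users\\u\\AppData\\Roaming\\Thunderbird\\Profiles\\ab12.default\\logins.json",
    "4120 file_read C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "4120 api_call SetThreadContext",
    "4120 file_read C:\\Windows\\System32\\kernel32.dll",
    "900 file_read C:\\Users\\u\\Documents\\notes.txt",
]

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<kind>\w+)\s+(?P<obj>.+)$")


def parse_events(lines):
    """Parse 'pid kind object' lines into dicts; malformed lines are skipped."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def match_signatures(events):
    """Return {pid: {signature: [objects that triggered it]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for ev in events:
        for name, kind, pattern in RULES:
            if ev["kind"] == kind and pattern.search(ev["obj"]):
                hits[ev["pid"]][name].append(ev["obj"])
    return {pid: dict(sigs) for pid, sigs in hits.items()}


def verdict(sigs):
    """Heuristic: two or more credential-store reads plus SetThreadContext
    (thread hijack used by process hollowing) is the combination this report
    shows, so flag it; credential reads alone get a weaker label."""
    cred = len(CREDENTIAL_SIGS & set(sigs))
    hollow = "Suspicious use of SetThreadContext" in sigs
    if cred >= 2 and hollow:
        return "infostealer-like (credential access + thread hijack)"
    if cred >= 2:
        return "credential access"
    return "no verdict"


def check_hash(algo, digest):
    """True if a file digest equals the sample's hash listed on this page."""
    return SAMPLE_IOCS.get(algo.lower()) == digest.strip().lower()


if __name__ == "__main__":
    for pid, sigs in match_signatures(parse_events(CONSTRUCTED_TRACE)).items():
        print(pid, verdict(sigs))
        for name, objs in sigs.items():
            print("  ", name, "<-", objs)
```

Only pid 4120 matches anything: the four credential-related reads and the SetThreadContext call, so it is labelled infostealer-like, while the benign kernel32.dll read and pid 900 match no rule. In real telemetry the rules should be tuned to the paths your endpoint agent actually records.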
