Extracted

• • Target

    d63b77c0847dba3ed2628b9872883ed339b66a5e09de41cf27d178ac7ceb047a

  • Size

    784KB

  • MD5

    4a41f0922710dc4bc37f8c12134e27b3

  • SHA1

    929e17a6ede2ca22d28c5c7367f0305a523f6bbe

  • SHA256

    d63b77c0847dba3ed2628b9872883ed339b66a5e09de41cf27d178ac7ceb047a

  • SHA512

    2d291a80a981c54f4965538efca11defcc0d7f5d269264cf3f0ae530bffc1de55e161f60828fb16e0176f0d86cd1e693c00228294d50f498df120ddaf14c78b1

  • SSDEEP

    12288:YdIeXMcD1AfurYFd/Y26VOb9Me3XaWmB/TzMygl5ylWpM:YdMcDnrsyVO53XJaTQygzylj

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2