Extracted

• • Target

    AFX_909388388382772883.jpg.bat.exe

  • Size

    621KB

  • MD5

    209267b5decf170fdc25565e0d86a5d2

  • SHA1

    a96b5e85c76e518534c59a849ec45e129c1597a9

  • SHA256

    0a109b2fcbb4ceae58549963c3c7ba7444763b9c9536323e95d90116cd78f809

  • SHA512

    2e1fc8466a4c4a773845a4c2d378d2e2fc427c56f820eef6d9f0c1fc6d216c6fb17c6ed1c278798c2772db87bb3382bef6a74337eb538519bf15d9b70cd34890

  • SSDEEP

    12288:tknueH5qxiaH9god9j5199wXRusYfB6CxNK6PRW:6Vqxi8yqB510R4Zw

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2