Extracted

• • Target

    New Order.exe

  • Size

    737KB

  • MD5

    e8cbd5675d4c737a5ae343e52f0d8449

  • SHA1

    73b7079173f8f8086c049013cebda7d6df8e01ce

  • SHA256

    ef5ac294d9362a9da60b52494588ed6e21b291acbecd15ab99c192d78add24f9

  • SHA512

    ae4de1a8b3faae583c634b5f108eae96d72c417b5338ad8509d5a6eeb5c421573321070a794793af0496279751c96e7af471345141b50dc68dd4f4b4ae2ff73c

  • SSDEEP

    12288:vqc3+GCueH5qEbnvaKi+YEuRKfM9Dna9hzHT+xVlMsRyFd3ouXfYfUqJJu8hBBek:v/uG2qE7I+Y0LGxVlMdpngfUcthSkkkN

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2