Extracted

• • Target

    70031MES.EXE

  • Size

    565KB

  • MD5

    b07419d2bf5fd6f6f75b47fd857c42ea

  • SHA1

    a3df0a87d181a1c0912d4fe9e8848741688d6445

  • SHA256

    3ca50b691c245e5d31ba80c101285ef26fc08c0ae5afcca3ab2b61b53dabec35

  • SHA512

    7d5b779c3181bdfabdaab240e5ca4c0c47bfa3b0ee002f9aa5ec8e649ca7df95e878060985ca0ee18d035e9e1e482b7075f921ef86ed0acfb1871f2961578fb8

  • SSDEEP

    12288:1e+QaueH5qUuRDIlaNOjAFXxCyA1582aGDW7/ntf2B6ogV:1eiqUMI4NOjICZK/tf2o

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2