Extracted

• • Target

    1c4f136b0cb4a262641ef9596569811a8556eea3427987ab845b5a24c859d84b

  • Size

    645KB

  • MD5

    5463437e1bd1a6dd3cad1f8e373cb83c

  • SHA1

    b8408c5402745078469b04803f9bc1e5a147700c

  • SHA256

    1c4f136b0cb4a262641ef9596569811a8556eea3427987ab845b5a24c859d84b

  • SHA512

    566cffa86ec5c67660e5400fd63272710cbfe4a33d8e4d947510c148cdf70114021927dd5c737fa4259e1060ec6d658d28ae3f583bc592a390810040d8ec5942

  • SSDEEP

    12288:i6pQaueH5qllv/y5BWLxSaI6W/4uWNhwiiXn9VtVqEwf0fEU:i6HqDifKxnB/PwjnxVqD5

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2