Extracted

• • Target

    Banco BPM Payment _Receipt.bat

  • Size

    6KB

  • MD5

    6aa5d99f2f18d3655ae0d62884f951fe

  • SHA1

    70286e62ebdb15b55c6cca8058da53af14aaf6a3

  • SHA256

    7509bbea073fad9c718e4d7b32cec61c2288e6ecb2e3e6a29e5c203fded3f189

  • SHA512

    e1a14f6e2403a3222a715e0dc11cbf2c1491b500db889de9fb1148b22e73cb3271a2ebb291b89c7b11f1ced01573bdd2e5d9d802ad89618e3dfa4ef2ed900f7f

  • SSDEEP

    96:3mG46M9ifUo5OUPBvcQsTYQePn7yLHtPzNt:3V46M9if2UPBiTYQsn7yLHn

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2