General

  • Target

    62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5

  • Size

    1.0MB

  • Sample

    231208-cmj2csgf79

  • MD5

    699903a49141a073a22b16c3da6207d0

  • SHA1

    084748c6df44572f1e99b91f5fbb23d409235634

  • SHA256

    62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5

  • SHA512

    06ced7a5965e5310b8a5fccc1dbbc080d4d69f4fd066eb9a949c5a84258831154eb90ff53cce95185b081688ac09202ddb80506ddb35292d77660fc1fb9506b2

  • SSDEEP

    12288:KGKhkZ5gQ6rESOfMKTpTuwY1Et8sZHnFgEOeCRhUG5Kx:K/K/gQEaM8pTuwY1EGSlgEOeCAGi

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1181859667215929344/76vl_7aOTygS-NmiDedmxAMqhQbcVBEgBRAMBgeUoQ2nlNXWg1w9drgrEy_mjWP5_W7M

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks