General

  • Target

    3c8a01515b76ece7923baaa71138c4bc

  • Size

    1.3MB

  • Sample

    240101-lvnh7agbfr

  • MD5

    3c8a01515b76ece7923baaa71138c4bc

  • SHA1

    f3ff5e1b1b12becaf13e7f34cb16e6fec7f8ac9f

  • SHA256

    99316f18cd9051b5f5a433d4fe11376f5dbdb7bd45ee2f276e92f89e05cbb5f0

  • SHA512

    4701ce91f2448987b332771b6293ccead46513b60684f6bf78789572708a0a49e90f931608b51012668a3a4f7f1d3993d1560d8ca0e6f1748fac85f38d21f1bd

  • SSDEEP

    24576:TTdS/d3jYdkgfmU0NRAFdCt3fe0tGmwRGPoN7vdiTbnFM:/vYRaC/Gm/PoiM

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendDocument

Targets

    • Target

      3c8a01515b76ece7923baaa71138c4bc

    • Size

      1.3MB

    • MD5

      3c8a01515b76ece7923baaa71138c4bc

    • SHA1

      f3ff5e1b1b12becaf13e7f34cb16e6fec7f8ac9f

    • SHA256

      99316f18cd9051b5f5a433d4fe11376f5dbdb7bd45ee2f276e92f89e05cbb5f0

    • SHA512

      4701ce91f2448987b332771b6293ccead46513b60684f6bf78789572708a0a49e90f931608b51012668a3a4f7f1d3993d1560d8ca0e6f1748fac85f38d21f1bd

    • SSDEEP

      24576:TTdS/d3jYdkgfmU0NRAFdCt3fe0tGmwRGPoN7vdiTbnFM:/vYRaC/Gm/PoiM

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks