Extracted

Extracted

• • Target

    ee18f2387aa35dd3771ed2b396031830acb88f893e7414802bfd9c446df0320b.exe

  • Size

    331KB

  • MD5

    4d5be358bbac13c569a560cebe97bf68

  • SHA1

    859de0440fe714a8e0362b9977183c61273ed650

  • SHA256

    ee18f2387aa35dd3771ed2b396031830acb88f893e7414802bfd9c446df0320b

  • SHA512

    ae6691571ae77e7d1c5c5f36a06bc20bf070a5ed00775d858832f1040f2f24fd6f3eef2d0d1f3565da986e79619a571589f36926ec1d323378ca879497354283

  • SSDEEP

    6144:W2rC8UJ4M78AS3ZslYwHvil7FQf3gNUa5LDnLgKjx1S44q:7UJ8p3Z6YwKsf3onn8KF1W

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect packed .NET executables. Mostly AgentTeslaV4.

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

  • Detects executables referencing Windows vault credential objects. Observed in infostealers

  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

  • Detects executables referencing many email and collaboration clients. Observed in information stealers

  • Detects executables referencing many file transfer clients. Observed in information stealers

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2