Extracted

Extracted

• • Target

    AprilOrder.exe

  • Size

    762KB

  • MD5

    6a4c52a86dc20679d836a4cc5c9e7280

  • SHA1

    de5060be89dd653226a8251b04c6726ce1d7e846

  • SHA256

    7d17f84cab786296bb3ac7001e3706f112db5b69c82789b709f6cec2ea0fd116

  • SHA512

    19f7436bf7ef73c39a01ca837c20707ef063d3cab0f42c10612f992626f65b130c520da9d732110e662023c55bb8dc2a184d1abf4e639d3e5a5707edd8cfba4b

  • SSDEEP

    12288:QkBNBxgP5SKmY/Q2jVECsa/xhwK8/vXKKJfhwzRogC2Aff:FBN/gPW2VE0w/v6YhCogC2g

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2