Extracted

• • Target

    ca29141c602052dd2caba38964ad54ad1e4540c803bdd13b75f8116531131901

  • Size

    630KB

  • MD5

    37b2fbd574dab3275382f7a44b9c8c01

  • SHA1

    ba6217f025088a6391227c4d7790aee2ef7f94a4

  • SHA256

    ca29141c602052dd2caba38964ad54ad1e4540c803bdd13b75f8116531131901

  • SHA512

    e2111550a895009f7a4e9d76554873d649ab8da05f95da87887916857c23b23e3e5ae9c2085164bf09b52d3016cfa2b0dacd7798ac27dbe591cbb03ec39cce45

  • SSDEEP

    12288:YWYIPXjxannnHg2LK08imMWNtAgE8sjskQjUGpvzKazNbwk+l81fNwHh7k:YWYIPFannnHg22ZizWNqgE6LAav2cB+Q

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2